Re: Re: DesktopOnNet 3 Beta LFI

[Kurt Seifried <kseifried () redhat com>]

On 02/27/2012 07:10 AM, Whitney Houston wrote:
> I forget to say, I want CVE number. give it to me.
>
> On Mon, Feb 27, 2012 at 2:10 PM, Whitney Houston
> <i4m4l1v3b17ch3z () gmail com>wrote:
>
> > Hello list
> >
> > I want to report serious scary issue, I find this vulnerability that make
> > me fall off chair and giggle like silly slut.
> >
> > Project: http://sourceforge.net/projects/don3/
> >
> > <?php
> > require('system/switches.php');
> >
> > if
> > (file_exists('applications/'.$_GET["app"].'.don3app/'.$_GET["app"].'.php')){
> >         $appfile = $_GET["app"];
> >         $app_path = "applications/".$appfile.".don3app/";
> > } else {
> >         $appfile = "frontpage";
> >         $app_path = "applications/frontpage.don3app/";
> > }
> >
> > if (file_exists("library/$appfile.don3lib")){
> >         $topper_array = don3_read_don3lib($appfile.".don3lib");
> >         $title = $topper_array[0];
> > } else {
> >         $title = "ERROR T1";
> > }
> >
> >
> > $topper_includer = 'applications/'.$appfile.'.don3app/'.$appfile.'.php';
> >
> > ....
> >
> > include ($topper_includer);
> >
> >
> > Obviously I keep this bug super secret for many month but now i release
> > for all, after my recent death.
> >
> > xx


Can you please state which version(s) are vulnerable and which specific
files are vulnerable? Thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)