ReviewPost version 2.5 vulnerability - Remote File Inclusion (RP_PATH)
Saturday, 23 September 2006

edition2001 (a.k.a. bius) found a vulnerability in ReviewPost 2.5 (RP_PATH).

He sends greetz to Solpot, Matdule, Fungky, psycho_l061c, rm_2online, ax[I]xu, can4da_dry, imam26_it, ant1casper (please add more), #nyubi, #hitamputih @dalnet

In ReviewPost 2.5, input passed to the "rp_path" parameter is not properly verified before it is used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

The vulnerable code, taken from index.php, is given below:

require "pp-inc.php";
if ( is_numeric($argv[0]) ) {
    header("Location: {$Globals['maindir']}/showproduct.php?product={$argv[0]}");
    exit;
}
// $RP_PATH is interpolated into the include path without any validation
require "$RP_PATH/languages/$rplang/index.php";
require "$RP_PATH/login-inc.php";
if ( file_exists("install.php") || file_exists("{$Globals['maindir']}/install.php") ) {
    diewell( "For security reasons, please remove the install.php from the ReviewPost directory before proceeding." );
    exit;
}
?>
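
A hardened form of the two require lines above, as an added example that is not ReviewPost's own code: the base path becomes a constant fixed in code, and every include target is resolved and checked before use. The helper names, the 'rplang' request parameter and the language list are assumptions for illustration.

```php
<?php
// Added example, not ReviewPost code. Helper names, the language list and
// the 'rplang' request parameter are assumptions for illustration.

// Base path is fixed in code, so no request variable can supply it.
define('RP_PATH', __DIR__);

// Constructed allowlist of installed language packs.
const RP_LANGUAGES = ['english', 'german'];

// Return the requested language only if it is on the allowlist.
function rp_language($requested): string
{
    return in_array($requested, RP_LANGUAGES, true) ? $requested : RP_LANGUAGES[0];
}

// Resolve $relative under $base; return null unless it is an existing
// local file inside $base.
function rp_resolve_include(string $base, string $relative): ?string
{
    // Refuse URL wrappers (http://, ftp://, php://) and NUL bytes outright.
    if (strpos($relative, '://') !== false || strpos($relative, "\0") !== false) {
        return null;
    }
    $baseReal = realpath($base);
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return null;
    }
    // realpath() has collapsed any "../", so a prefix check is reliable.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

$rplang = rp_language($_GET['rplang'] ?? null);
foreach (["languages/$rplang/index.php", 'login-inc.php'] as $file) {
    $path = rp_resolve_include(RP_PATH, $file);
    if ($path === null) {
        http_response_code(500);
        exit('Configuration error');
    }
    require $path;
}
```

Keeping allow_url_include set to Off in php.ini (the default since PHP 5.2) blocks remote includes as a second layer.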
 