Recent File Inclusion vulnerabilities
Latest information about File Inclusion vulnerabilities
20.02.2012 06:29 ors0wer scripting,remote file inclusion,rfi,lfi,honeypots,ha details >>
19.02.2012 15:06 Threat Analysis of "r00t 4 LFI (Local File Inclusion) Toolkit" details >>
19.02.2012 13:36 g0tmi1k [Video] Kioptrix - Level 4 (Limited Shell) backdooring via MySQL injection, local file inclusion PHP session details >>
19.02.2012 05:36 [Video] Kioptrix - Level 4 (Local File Inclusion) details >>
18.02.2012 18:02 Joomla Xcomp Local File Inclusion ≈ Packet Storm: Information Security News, Files, Tools, Exploits, Advisories ... details >>
18.02.2012 10:27 r00t 4 LFI Toolkit - This tool is a php script that assists in performing local file inclusion attacks. details >>
18.02.2012 09:27 Joomla Xcomp Local File Inclusion details >>
18.02.2012 08:27 Exploit Files - Joomla XVS Local File Inclusion details >>
18.02.2012 08:27 Joomla Xcomp Local File Inclusion: The Joomla Xcomp component suffers from a local file inclusion vulnerability. details >>
16.02.2012 22:29 -packetstormsecurity.org: (RadhikaGB Local File Inclusion ≈ Packet Storm details >>)
16.02.2012 22:29 -packetstormsecurity.org: (Pandora FMS 4.0.1 Local File Inclusion ≈ Packet Storm details >>)
16.02.2012 20:29 Exploit Files - RadhikaGB Local File Inclusion details >>
16.02.2012 19:29 Exploit Files - Pandora FMS 4.0.1 Local File Inclusion details >>
16.02.2012 11:23 osvdb : LEPTON CMS account/preferences.php language Parameter Traversal Local File Inclusion: LEPTON CMS account... details >>
16.02.2012 05:54 lv3 11in1 Cross-Site Request Forgery and File Inclusion Vulnerabilities details >>
16.02.2012 04:54 [3/5] 11in1 Cross-Site Request Forgery and File Inclusion Vulnerabilities details >>
15.02.2012 21:08 -packetstormsecurity.org: (11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion &# details >>)
15.02.2012 20:08 11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities. details >>
14.02.2012 04:37 [4/5] WordPress Relocate Upload Plugin "abspath" File Inclusion Vulnerability details >>
14.02.2012 03:37 Password Protection and File Inclusion With PHP Mjv: .JoE details >>
File Inclusion vulnerabilities Archive 2011
Here is short summary of recent File Inclusion vulnerabilities discovered by eVuln team. Full list with details is available on the eVuln Security Advisories page.
Multiple Vulnerabilities in NX5Linkx.
Description.
Vulnerable script: link.php
Parameter logo is not properly sanitized. It used as full local path to logo filename. Script do the copy of this file in logos directory. This directory is available from the web.
This can be used to read arbitrary files.
Vulnerable scripts: The name of those scripts are defined by webmaster. First - (a) displays links list. Second - (b) "out" script which do the redirections when someone clicks on link
Parameters c(script "a"), l(script "b") are not properly sanitized before being used in SQL query. This can be used to make any SQL query or make a HTTP response-splitting attack by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
Vulnerable Script: link.php
Parameter url is not properly sanitized. This can be used to make HTTP Response Splitting attack.
Exploit.
URL: http://host/link.php
Logo URL: /etc/passwd
This file can be downloaded using the link:
http://host/logos/N.
N - ID of the link
http://host/links.php?c=999'%20union%20select%201,222/*
http://host/out.php?l=999' union select 1,1,'http://google.com',1,1,1,1/*
URL: http://host/link.php
URL(in form): http://host.com%0D%0A%0D%0AHTTP/1.0 200 OK%0D%0A%0D%0A.......
Solution
Solution is not available.
Other details >>Arbitrary File Disclosure Vulnerability in Quirex.
Description.
Vulnerable Script: convert.cgi
Variable $quiz_head $quiz_foot $template are not properly sanitized. This can be used to read arbitrary files.
System access is possible.
Exploit.
File Disclosure Example
Url: http://host/cgi-bin/quirex/convert.cgi
Path to quiz_head.txt: [arbitrary file]
Path to quiz_foot.txt: [arbitrary file]
Output file: [output file]
Solution
Solution is not available.
Other details >>File Inclusion Vulnerability in PHP iCalendar.
Description.
File: functions/template.php
Function parse($file) calls include($file) without correct sanitation of variable $file
File: search.php
Parameter getdate isn't properly sanitized and may contain a filepath.
All this can be used to make inclusion of arbitrary server-side file.
System access is possible.
Exploit.
File inclusion example:
http://host/icalendar/search.php?getdate=[anyfile]
Solution.
Vendor-provided patch is available at:http://dimer.tamu.edu/phpicalendar.net/forums/viewtopic.php?p=1869#1869Other details >>
Directory Traversal and Data Disclosure in RCBlog.
Description.
1. Directories data config are not protected by htaccess in default installiation. This can be used to retrieve registered user's information including logins and password's md5 hashes.
2. Directory traversal is possible.
Vulnerable script: index.php
Variable $_GET[post] isn't properly sanitized. This can be used to open arbitrary files with txt extention. Administrator's login and password is threatened.
Administrator has an ability to upload arbitrary files.
System access is possible.
Exploit.
Directory traversal example:
http://host/rcblog/index.php?post=../config/password
Solution
Solution is not available.
Other details >>