lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030514174341.12038.qmail@linuxmail.org>
Date: Thu, 15 May 2003 01:43:40 +0800
From: "Mind Warper" <mindwarper@...uxmail.org>
To: bugtraq@...urityfocus.com
Subject: php-proxima Remote File Access Vulnerability


php-proxima Remote File Access Vulnerability

---------------------- 
Vendor Information: 
---------------------- 

Homepage : http://www.php-proxima.com
Vendor : informed 
Mailed advisory: 14/05/03 
Vender Response : None 

---------------------- 
Affected Versions: 
---------------------- 

php-proxima 6.0 and prior

---------------------- 
Vulnerability: 
---------------------- 

php-proxima is a website portal system made in php. php-proxima is actually
a different version of php-nuke, very similar although it has some changes.

One of the changes is that php-proxima contains a file called autohtml.php.
By sending a specific request as shown bellow an attacker may be able to
include local files and therefore read them.

The problem appears here:

***************************
..

witch($op) {

    case "modload":
	if (!isset($mainfile)) { include("mainfile.php"); }
	$index = 0;
	include("header.php");
	OpenTable();
   				include("autohtml/$name");

..
***************************

Since the case has been coded so poorly in terms of security, a user
can avoid including mainfile.php and inject anything into $name.

Example:

http://victim/autohtml.php?op=modload&mainfile=x&name=<local filename>

---------------------- 
Solution: 
---------------------- 

You can fix this problem by replacing
include("autohtml/$name");
with
// include("autohtml/$name");

Please check the vendor's website for new patches. 

---------------------- 
Contact: 
---------------------- 

Name: Mindwarper 
Email: mindwarper@...uxmail.org
Website: http://mindlock.bestweb.net 

-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ