lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200610102330.k9ANUFuO029469@faron.mitre.org>
Date: Tue, 10 Oct 2006 19:30:15 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: str0ke@...w0rm.com, xp1o@....com
Cc: bugtraq@...urityfocus.com
Subject: Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit


str0ke said:

>index.php seems patched to me.

The following code was in 2.15, which also suggests that the issue
might not exist, at least for index.php:

  $isearch_path = '.';
  define('IN_ISEARCH', true);

  require_once "$isearch_path/inc/core.inc.php";
  require_once "$isearch_path/inc/search.inc.php";

However, there are other uses of $isearch_path later on in the code
(again, 2.15):

  include("$isearch_path/inc/header.inc.php");
  ...
  require_once "$isearch_path/inc/form_internal.inc.php";
  ...
  include "$isearch_path/inc/footer.inc.php";

So, we might want to look into inc/core.inc.php and other include
files for evidence of dynamic variable evaluation or other
functionality that could overwrite $isearch_path for the later
include/require invocations.

Unfortunately, core.inc.php is encoded with the statement "This file
is protected by copyright law and provided under license. Reverse
engineering of this file is strictly prohibited."

At this point, the original report is not provably erroneous without
doing the base64-decode of the protected file and peeking in.  But
since this post is about technical accuracy and not legal matters,
I'll stop there.

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ