DGNews v 1.5 File Upload Vuln.
###############################################
Vuln. discovered by : r0t
Date: 29 may 2006
vendor:www.diangemilang.com/dgscripts.php
affected versions:v 1.5 and prior
orginal advisory:
http://pridels.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html
###############################################
Vuln. Description:
It is possible to upload arbitrary files via the
"/admin/news.php?go=edit&id=" and "/admin/news.php?go=add" script by
"Upload Photo" , because there isnt set right/correct image extissions .
This can e.g. be exploited to upload a malicious PHP script to a location
inside the web root.
note: To sucessfull vuln. exploitation attacker must have admin access
rights.
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/