Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 8, 2007
Source:
SecurityVulns ID: 7017
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: ALLMYGUESTS : AllMyGuests 3.0
 L2J : L2J Statistik Script 0.09
 ALLMYLINKS : AllMyLinks 0.5
 ALLMYVISITORS : AllMyVisitors 0.4
CVE: CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.)
 CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.)
 CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.)
 CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.)
Original text: bd0rk_(at)_hackermail.com, AllMyVisitors 0.4.0 File Inclusion Vulnerability (08.01.2007)
 GolD_M, AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability: (08.01.2007)
 beks, AllMyGuests 3.0 Remote File Inclusion Vulnerability (08.01.2007)
Files: L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod