Уведомление о безопасности: DGNews v 1.5 File Upload Vuln.

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  CosmicShoppingCart (search.php) Remote SQL Injection Vulnerability
  [Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability
  [Full-disclosure] Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
  WikiNi Persistent Cross Site Scripting Vulnerability

From: r0t <krustevs_(at)_googlemail.com>
Date: 30 мая 2006 г.
Subject: DGNews v 1.5 File Upload Vuln.

DGNews v 1.5 File Upload Vuln.

###############################################
Vuln. discovered by : r0t
Date: 29 may 2006
vendor:www.diangemilang.com/dgscripts.php
affected versions:v 1.5 and prior
orginal advisory:
http://pridels.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html
###############################################

Vuln. Description:

It is possible to upload arbitrary files via the
"/admin/news.php?go=edit&id=" and "/admin/news.php?go=add" script by
"Upload Photo" , because there isnt set right/correct image extissions .
This can e.g. be exploited to upload a malicious PHP script to a location
inside the web root.

note: To sucessfull vuln. exploitation attacker must have admin access
rights.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

test server