GWScript2.50.txt

2006-10-03T00:00:00
ID PACKETSTORM:50379
Type packetstorm
Reporter Florian Strankowski
Modified 2006-10-03T00:00:00

Description

                                        
`http://sx02.coresec.de/advisories/153.txt
  
############  
# GW Script 2.50  
#  
# Homepage: http://sentinel.rdw-allianz.de/downloads.php  
# Affected Version: <= 2.1.4  
# Patched Version: /  
# Date: 23.09.2006  
#  
# Application Risk: High  
#  
# Vendor notified : 23.09.2006  
#  
#  
# Vulnerability found by : Sx02
# http://sx02.coresec.de  
#  
#  
#############  
#  
# Vulnerable code in fleet.php  
#  
# <?php  
# require("fleet/config.php");  
# $PATH=$CONFIG['internal']['sqlconf'];  
# require("$PATH/config.php");  
# ...  
# ...  
#  
# --------------------------------------------------------  
#  
# $CONFIG['internal']['sqlconf'] is not declared before it is used, so it is
# vulnerable to remote file inclusion.
#  
# fleet.php?$CONFIG['internal']['sqlconf']=  
#  
# Required : register_globals = On
#  
# --------------------------------------------------------  
#  
# Solution :  
#  
# Declare variables before using them in include paths!
#  
# --------------------------------------------------------  
#  
# "Everything should be made as simple as possible, but not simpler"  
# 'Albert Einstein'  
#  
############  
`
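
One way to apply the advisory's solution to the fleet.php snippet, as an added example that is not GW Script's code or the advisory author's. The helper resolve_config_dir() and the choice of the script's own directory as the allowed base are assumptions made for illustration.

```php
<?php
// Added example, not GW Script's own code. resolve_config_dir() and the
// allowed base directory are assumptions made for illustration.

// 1. Initialise the array before any include, so a request parameter
//    cannot pre-populate it when register_globals is on.
$CONFIG = array();
require dirname(__FILE__) . '/fleet/config.php';

/**
 * Return the canonical path of $candidate if it is an existing
 * directory at or below $baseDir, otherwise false.
 */
function resolve_config_dir($candidate, $baseDir)
{
    if (!is_string($candidate) || $candidate === '') {
        return false;
    }
    // Reject URL-style values (http://, ftp://, php://, ...) outright.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $candidate)) {
        return false;
    }
    $base = realpath($baseDir);
    $real = realpath($candidate); // false if the path does not exist locally
    if ($base === false || $real === false || !is_dir($real)) {
        return false;
    }
    // Require the resolved path to be the base itself or sit below it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real;
}

// 2. Only use the value if fleet/config.php actually set it, and only
//    after it has been resolved to a local directory under the base.
$sqlconf = isset($CONFIG['internal']['sqlconf']) ? $CONFIG['internal']['sqlconf'] : null;
$PATH = resolve_config_dir($sqlconf, dirname(__FILE__));
if ($PATH === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Configuration error');
}
require $PATH . '/config.php';
```

Setting register_globals = Off and allow_url_fopen = Off in php.ini removes the precondition the advisory lists and the ability to include remote URLs, independently of the code change.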