Alguest 1.1c-patched Code Execution

2010-12-03T00:00:00
ID PACKETSTORM:96353
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-12-03T00:00:00

Description

                                        
New eVuln Advisory:
PHP Code Execution in Alguest  
Summary: http://evuln.com/vulns/153/summary.html   
Details: http://evuln.com/vulns/153/description.html   
  
-----------Summary-----------  
eVuln ID: EV0153  
Software: Alguest  
Vendor: n/a  
Version: 1.1c-patched  
Critical Level: high  
Type: PHP Code Execution  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
It is possible to inject and execute arbitrary PHP code.  
All option values are written to the dati/vars.php file.  
These values do not pass through any sanitization filter.  
Vulnerable script: opzioni.php  
--------PoC/Exploit--------  
PHP Code Execution Example  
All user-defined options may be used for PHP code injection and execution.  
  
Password: 12345"; echo "PHP Code"; $aaa="  
---------Solution----------  
Not available  
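
Since no fix is available, here is an added example (not Alguest source and not part of the eVuln advisory) of the flaw class described above: option values written into a PHP file, first unescaped and then built with var_export(). The function names and the `password` variable name are hypothetical; the sample value is the one shown in the PoC, and the generated lines are only tokenised, never executed.

```php
<?php
// Added example; not Alguest source. All function and variable names are hypothetical.

// Vulnerable pattern: the raw value is pasted between double quotes in generated PHP.
function render_option_unsafe(string $name, string $value): string
{
    return '$' . $name . ' = "' . $value . "\";\n";
}

// Hardened: allow-list the variable name and let var_export() build the literal,
// so quotes and backslashes in the value are escaped and stay inside the string.
function render_option_safe(string $name, string $value): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException('invalid option name');
    }
    return '$' . $name . ' = ' . var_export($value, true) . ";\n";
}

// Tokenise (never execute) the generated source and count statement terminators.
// A ';' inside a string literal is part of the string token and is not counted,
// so one stored option must yield exactly one statement.
function statement_count(string $phpLine): int
{
    $count = 0;
    foreach (token_get_all('<?php ' . $phpLine) as $token) {
        if ($token === ';') {
            $count++;
        }
    }
    return $count;
}

// The option value shown in the advisory's PoC section.
$value = '12345"; echo "PHP Code"; $aaa="';

$unsafe = render_option_unsafe('password', $value);
$safe   = render_option_safe('password', $value);

printf("unsafe: %d statement(s): %s", statement_count($unsafe), $unsafe);
printf("safe:   %d statement(s): %s", statement_count($safe), $safe);
```

The same statement count can serve as a pre-write check in a settings handler. Keeping options in a data format such as JSON, read back with json_decode(), avoids generating PHP source at all.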
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/tool/web-security.html - website security tests  