ezUpload Pro vuln
Vuln. discovered by : r0t Date: 16 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/ezupload-pro-vuln.html vendor:http://www.scriptscenter.com/ezupload/ affected version: 2.2 and prior
ezUpload Pro is the world's most popular PHP upload solution. Packed with features, installed by over 1300 websites, ezUpload Pro has everything you need to allow secure file uploads to your website today! Download uploaded files via our file browser, through FTP (files are put on separate directories) or even receive them as email attachements. Our comprehesive control panel allows to control the files you accept (based on size, extension & dimensions), the fields of the upload form, the general look of the form, who can access the form and much more. New version 2.2 features user authentification, ability to store data in a MySQL database (storage in files still possible), radio boxes and much more.
1.Input passed to the "mode" in "index.php" parameter isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.
2.Input passed to the search module paremters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution: Edit the source code to ensure that input is properly sanitised.