SecurityAlert: 3038
CVE: CVE-2007-4454
SecurityRisk: High
Remote Exploit: Yes
Local Exploit: No
Exploit Available: Yes
Credit: imei addmimistrator
Published: 22.08.2007
Affected Software :
Olate Download 3.4.1
Advisory Content :
-------------------Summary-------------------
Software: Olate Download
Software's Web Site: http://www.olate.co.uk/
Versions: 3.4.1
Class: Remote
Status: Patched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: High
-----------------Description-----------------
Olate Download is prone to a code execution vulnerability because it trusts
user-supplied input in the environment.php file, a file that is of very
little use to the software.
Server Version: <?php eval("echo $pdo->getAttribute(PDO::ATTR_SERVER_VERSION);"); ?>
As you can see, the output of PDO::getAttribute() becomes part of the string
passed to eval(). getAttribute() fetches its value from the database server
named in the given database properties, and these properties are not stored
locally but supplied by the attacker through a friendly form. The attacker
can therefore give it a fake value that carries his PHP commands instead of
the expected version number.
-------------------Exploit-------------------
Suppose this scenario:
1- The attacker has a valid IP address, so he can run a server and give
others its URL.
2- He programs a fake MySQL server, or perhaps he edits an uncompiled
version of MySQL, then compiles it and runs it on his IP.
3- The server returns a string such as
5; exec($_REQUEST['cmd']);
instead of the usual reply to the version query, which is a string such as
5.0.27-community-log or similar.
4- The attacker also sends his Unix commands as URL requests.
5- The commands simply run.
Scenario is just theoretical, so please don't ask me to provide an
exploit, because we did not provide full exploits on this site as before.
-------------------Solution-------------------
Delete the unneeded file mentioned above from your server, or upgrade to
the vendor-provided patch.
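A hardened way to display the server version, as an added example that is not Olate Download's code or the vendor's patch: the value reported by the database server is validated and escaped as data and is never passed to eval(). The helper name render_server_version and the sample values are assumptions made for illustration.

```php
<?php
// Added example: treat the server-reported version as untrusted data.
// render_server_version() is a hypothetical helper, not Olate Download code.

/**
 * Return HTML-safe text for a database server version string.
 * The value is never evaluated as code; anything that does not look like
 * a version number is replaced by a fixed label.
 */
function render_server_version($raw): string
{
    if (!is_string($raw)) {
        return 'unknown';
    }
    // Accept e.g. "5.0.27-community-log": two to four dotted numbers plus
    // an optional suffix of up to 48 letters, digits, dots, underscores,
    // plus signs, tildes or hyphens.
    // \A and \z anchor the whole string, so embedded newlines are rejected.
    if (!preg_match('/\A\d+(\.\d+){1,3}[A-Za-z0-9._+~-]{0,48}\z/', $raw)) {
        return 'unrecognised';
    }
    // Escape anyway so the value cannot break out of the HTML context.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values: a normal reply, the hostile reply from the
// scenario in this advisory, and a value with an embedded newline and markup.
$samples = [
    '5.0.27-community-log',
    "5; exec(\$_REQUEST['cmd']);",
    "5.0.27\n<script>",
];

foreach ($samples as $value) {
    printf("%-34s => %s\n", json_encode($value), render_server_version($value));
}

// With a live connection the call would be:
//   echo 'Server Version: ',
//        render_server_version($pdo->getAttribute(PDO::ATTR_SERVER_VERSION));
```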
-------------------Credit-------------------
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
imei(4}Kapda(O}IR
imei(4}Kapda(O}net
www.myimei.com