|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3335 CVE : CVE-2007-5802 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : KiNgOfThEwOrLd Published : 04.11.2007
Advisory Content : --------------------------------------------------------------- ____ __________ __ ____ __ /_ | ____ |_______ _____/ |_ /_ |/ |_ | |/ | | _(__ <_/ ___ __ ______ | __ | | | | |/ ___| | /_____/ | || | |___|___| /__| /______ /___ >__| |___||__| /______| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org Original here: http://www.inj3ct-it.org/exploit/syner.txt --------------------------------------------------------------- Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure --------------------------------------------------------------- #By KiNgOfThEwOrLd --------------------------------------------------------------- PoC: --------------------------------------------------------------- Synergiser cms allows to include a file by the get variabile "page". We can't include a remote file, coz there is a filter..but we can include, by a directory traversal, some important files...for example: --------------------------------------------------------------- http://[target]/[synergiser_path]/index.php?page=../../../etc/passwd --------------------------------------------------------------- So, we have to know the script path if we wanna browse the server...we can get it generating a full path disclosure, like this: --------------------------------------------------------------- http://[target]/[synergiser_path]/index.php?page=../index.php --------------------------------------------------------------- We know that a function cannot be declared two times. So, let's read the "index.php" code, and we will found: --------------------------------------------------------------- include('application_top.php'); --------------------------------------------------------------- This row includes "application_top.php". In that page, is declared a php function: assign_rand_value(); So, including index.php in index.php, we will reinclude application_top.php, and we will redeclare the same function. We can't do it! So the server will answer: --------------------------------------------------------------- Fatal error: Cannot redeclare assign_rand_value() (previously declared in [script_path]/application_top.php:9) in [script_path]/application_top.php on line 124 --------------------------------------------------------------- And we got the script path! :P ---------------------------------------------------------------  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |