SecurityAlert : 3783 CVE : CVE-2008-1537 SecurityRisk : Medium (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Digital Security Research Group Published : 29.03.2008
Affected Software :
PowerBook 1.21
Advisory Content :
Hello, bugtraq.
[DSECRG-08-031] Digital Security Research Group [DSecRG] Advisory
Application: PowerBook
Versions Affected: 1.21
Vendor URL: http://www.powerscripts.org/
Bug: Local File Include
Exploits: YES
Reported: 01.02.2008
Vendor Response: none
Solution: none
Date of Public Advisory: ..2008
Author: Digital Security Research Group [DSecRG]
(research [at] dsec [dot] ru)
Description
***********
Local File Include vulnerability found in script
pb_inc/admincenter/index.php
Non-authentication user can directly access to this script.
To exploit this vulnerability REGISTER_GLOBALS option must be ON in php
config file.
Digital Security is leading IT security company in Russia, providing
information security consulting, audit and penetration testing services,
risk analysis and ISMS-related services and certification for ISO/IEC
27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems with vulnerability
reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)
--
Alexandr Polyakov
DIGITAL SECURITY RESEARCH GROUP
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.