PhpHostBot *svr_rootscript* File Inclusion

Posted on Thursday, August 09, 2007 @ 20:08:59 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA26356

VERIFY ADVISORY: http://secunia.com/advisories/26356/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE: PhpHostBot 1.x - http://secunia.com/product/11107/

DESCRIPTION: M. Hasran Addahroni has reported a vulnerability in PhpHostBot, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "svr_rootscript" parameter in order/login.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is reported in version 1.06. Prior versions may also be affected.

SOLUTION: Update to version 1.07. - http://www.idevspot.com/PhpHostBot.php

PROVIDED AND/OR DISCOVERED BY: M. Hasran Addahroni

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4267
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 352,965,448
  • Today: 63,394
Server InfoServer Info
  • Apr 24, 2018
  • 07:36 pm PDT
 
 

Daily Inspiration