PHP Real Estate Classifieds *loc* File Inclusion

Posted on Wednesday, June 13, 2007 @ 19:01:21 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA25615

VERIFY ADVISORY: http://secunia.com/advisories/25615/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: From remote

REVISION: 1.1 originally posted 2007-06-13

SOFTWARE: PHP Real Estate Classifieds - http://secunia.com/product/14523/

DESCRIPTION: not sec group has reported a vulnerability in PHP Real Estate Classifieds, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "loc" parameter in admin/header.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled.

SOLUTION: Apply the vendor's security patch: http://phprealestatescript.com/securityUpdate_06_12_07.zip

PROVIDED AND/OR DISCOVERED BY: not sec group

CHANGELOG: 2007-06-13: Added CVE reference.

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4055
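
The bug class described above (a request-controlled variable reaching `include` when `register_globals` is on) and one hardened way to write such an include. This is an added example, not code from PHP Real Estate Classifieds or its vendor patch. The `part` parameter, the `includes` directory and the file names are hypothetical.

```php
<?php
// Added illustration, not code from PHP Real Estate Classifieds.
// Unsafe pattern of this bug class: with register_globals on, a request
// parameter named "loc" silently becomes $loc, so a line such as
//     include($loc . 'menu.php');
// includes whatever path or URL the client supplied.

// Hypothetical allowlist: logical names mapped to fixed files.
const INCLUDE_DIR = __DIR__ . '/includes';
const ALLOWED_PARTS = [
    'menu'   => 'menu.php',
    'footer' => 'footer.php',
];

function resolve_include(string $name): string
{
    if (!array_key_exists($name, ALLOWED_PARTS)) {
        throw new InvalidArgumentException('unknown include name');
    }
    $base = realpath(INCLUDE_DIR);
    $path = realpath(INCLUDE_DIR . '/' . ALLOWED_PARTS[$name]);
    // realpath() returns false for missing files and resolves symlinks and
    // "..", so the prefix check confirms the file sits under INCLUDE_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('include target outside include directory');
    }
    return $path;
}

// Refuse to run where request data can overwrite variables or where
// include() may fetch URLs.
foreach (['register_globals', 'allow_url_include'] as $flag) {
    if (filter_var(ini_get($flag), FILTER_VALIDATE_BOOLEAN)) {
        http_response_code(500);
        exit("refusing to run with $flag enabled");
    }
}

// The path is built from server-side constants; the client only picks a name.
$part = isset($_GET['part']) && is_string($_GET['part']) ? $_GET['part'] : 'menu';
try {
    include resolve_include($part);
} catch (Exception $e) {
    http_response_code(400);
    exit('bad request');
}
```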
 
 