drgs
Posted November 27, 2007

Google dork: "Powered by AMCMS3"

Remote File Inclusion
---------------------
It is possible for a remote attacker to include a file from local or remote resources and/or execute arbitrary script code with the privileges of the webserver.

Proof of Concept:
index.php?loadpage=../../../../file
index.php?loadpage=[evilscript]

Solution:
Edit the source code to ensure that input is properly validated. Where possible, it is recommended to make a list of accepted filenames and restrict the input to that list.

For PHP, the option allow_url_fopen would normally allow a programmer to open, include or otherwise use a remote file using a URL rather than a local file path. It is recommended to disable this option from php.ini.

SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Proof of Concept:
index.php?blockpage=%2E%2Findex%2Ephp%3Fblockpage%3D1%26cat%3D&cat=[SQL Injection]
index.php?blockpage=%2E%2Findex%2Ephp%3Fblockpage%3D1%26cat%3D&cat='

Solution:
Your script should filter metacharacters from user input.

Vendor was contacted by email and did not reply.
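
The list of accepted filenames recommended under the first Solution, as an added example that is not part of the original post and is not AMCMS3 code. Only the `loadpage` parameter comes from the advisory; the page keys, file names, the `pages` directory and the function name `resolve_page` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: request key => file name (names are assumptions).
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

// Returns the absolute path to include, or null when the request is rejected.
function resolve_page($requested, string $pageDir): ?string
{
    // Reject arrays (loadpage[]=x) and any other non-string input.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // The path is built from the list entry, never from the request value.
    $base = realpath($pageDir);
    $path = realpath($pageDir . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still sit inside $pageDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Demo on constructed data: a temporary page directory and sample requests.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (ALLOWED_PAGES as $file) {
    file_put_contents("$dir/$file", "<?php echo 'ok';");
}
$samples = ['news', '../../../../file', 'http://example.invalid/x.txt', ['news']];
foreach ($samples as $value) {
    $target = resolve_page($value, $dir);
    printf("%-34s => %s\n", json_encode($value),
        $target === null ? 'rejected' : 'include ' . basename($target));
}

// In the front controller (sketch):
//   $page = resolve_page($_GET['loadpage'] ?? 'home', __DIR__ . '/pages');
//   if ($page === null) { http_response_code(404); exit; }
//   require $page;
```

Because the request value is only used as a lookup key, it never reaches `include`, so the result does not depend on the `allow_url_fopen` setting.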