AOH :: HP Unsorted C :: C07-2191.HTM

Cadre remote file inclusion
Cadre remote file inclusion
Cadre remote file inclusion

[ECHO_ADV_63$2007] Cadre remote file inclusion

Author		: Ahmad Muammar W.K (a.k.a) y3dips
Date Found	: January, 31st 2007
Location	: Indonesia, Jakarta
web		: 
Critical Lvl	: Critical

Affected software description:

Application   : Cadre
URL : | 
Download-path : 

Description   : Cadre is a PHP framework for developing large business applications. 
		It currently supports PostgreSQL as the database back end (although 
		this is extensible). We (Cronosys, LLC) have invested two and a half 
		years in this framework and applications based on this framework.



--------class.Quick_Config_Browser.php --------
	include_once($GLOBALS[config][framework_path] . "class.Browser.php");

	An attacker can exploit this vulnerability with a simple php injection script.



~ my lovely ana
~ k-159 (my greatest brotha), the_day (young evil thinker), and all echo staff
~ str0ke, waraxe, negative
~ #e-c-h-o 


     y3dips|| echo|staff || y3dips[at]gmail[dot]com

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to