GW Script 250 versions 2.1.4 and prior suffer from a remote file inclusion vulnerability if register_globals = on.
580310b39fecb2b4ca21d7059334193chttp://sx02.coresec.de/advisories/153.txt
############
# GW Script 2.50
#
# Homepage: http://sentinel.rdw-allianz.de/downloads.php
# Affected Version: <= 2.1.4
# Patched Version: /
# Date: 23.09.2006
#
# Application Risk: High
#
# Vendor notified : 23.09.2006
#
#
# Vulnerable found : Sx02
# http://sx02.coresec.de
#
#
#############
#
# Vulnerable code in fleet.php
#
# <?php
# require("fleet/config.php");
# $PATH=$CONFIG['internal']['sqlconf'];
# require("$PATH/config.php");
# ...
# ...
#
# --------------------------------------------------------
#
# $CONFIG['internal']['sqlconf'] is not declared before, so it is
vulnerable to remote file
# inclusion.
#
# fleet.php?$CONFIG['internal']['sqlconf']=
#
# Required : Register Global = on
#
# --------------------------------------------------------
#
# Solution :
#
# declare variables before including them !
#
# --------------------------------------------------------
#
# "Everything should be made as simple as possible, but not simpler"
# 'Albert Einstein'
#
############
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!