[sec-adv] Advanced Poll Execution of Arbitrary Code

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Oct 27 2003 - 08:16:39 CST


TITLE:
Advanced Poll Execution of Arbitrary Code

SECUNIA ADVISORY ID:
SA10068

VERIFY ADVISORY:
http://www.secunia.com/advisories/10068/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Advanced Poll 2.x

DESCRIPTION:
Multiple vulnerabilities have been reported in Advanced Poll allowing
malicious people to execute arbitrary code.

1) The "id", "template_set", and "action" parameters are not properly
verified before being used in an "eval()" function call. This allows
malicious people to supply arbitrary PHP code like "";[CODE]//".

2) The scripts "booth.php", "png.php", "poll_ssi.php", and
"popup.php" fail to verify the "include_path" parameter allowing
malicious people to include "include/config.inc.php" and
"include/class_poll.php" from local and remote resources.

3) The include file "admin/common.inc.php" fails to verify the
"base_path" parameter allowing malicious people to include
"lang/english.php" from local and remote resources. This may be
exploited through multiple scripts in "/admin".

4) The script "misc/info.php" calls "phpinfo()", which returns many
system details.

The vulnerabilities have been reported in version 2.0.2. Prior
versions may also be affected.

SOLUTION:
Edit the code so that input is properly verified.

Remove "misc/info.php" or restrict access so that only trusted users
can access the script.
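
The following is an added example, not part of the Secunia advisory and
not Advanced Poll's own code. It sketches what "properly verified" can
look like for the parameters named in items 1) to 3); the function names,
the allowlist values and the sample request are assumptions made for
illustration.

```php
<?php
// Added example; not Advanced Poll's code. All names here are hypothetical.

// Install root is fixed by the script's own location, never by
// "include_path" or "base_path" from the request (issues 2 and 3).
define('POLL_ROOT', realpath(__DIR__));

// Constructed allowlists; a real install would list its own values.
const TEMPLATE_SETS = ['default', 'simple'];
const ACTIONS       = ['vote', 'results'];

// Issue 1: "id" must be a positive integer before it reaches template code.
function poll_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Issue 1: "template_set" and "action" may only take known values.
function poll_choice($raw, array $allowed, string $default): string
{
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : $default;
}

// Issues 2 and 3: resolve an include relative to POLL_ROOT and refuse
// anything that is missing or resolves outside it.
function poll_file(string $relative): string
{
    $path   = realpath(POLL_ROOT . '/' . $relative);
    $prefix = POLL_ROOT . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("refusing to include: $relative");
    }
    return $path;
}

// Constructed request carrying the kinds of values the advisory describes.
$request = ['id' => '1";[CODE]//', 'template_set' => '../../tmp',
            'action' => 'vote', 'include_path' => 'http://example.invalid/'];

$id       = poll_id($request['id'] ?? null);
$template = poll_choice($request['template_set'] ?? null, TEMPLATE_SETS, 'default');
$action   = poll_choice($request['action'] ?? null, ACTIONS, 'vote');
// $request['include_path'] is deliberately never read.
var_dump($id, $template, $action);
// In the poll scripts: require_once poll_file('include/config.inc.php');
```

Validated values like these should be passed to the template code as
data rather than concatenated into a string handed to "eval()".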

REPORTED BY / CREDITS:
Frog Man

ORIGINAL ADVISORY:
http://www.phpsecure.info/v2/tutos/AdvancedPoll2.0.2.txt

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------