|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA19482] SQuery "libpath" Multiple File Inclusion Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Apr 03 2006 - 09:47:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
SQuery "libpath" Multiple File Inclusion Vulnerabilities
SECUNIA ADVISORY ID:
SA19482
VERIFY ADVISORY:
http://secunia.com/advisories/19482/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
SQuery 4.x
http://secunia.com/product/9130/
DESCRIPTION:
uid0 has discovered some vulnerabilities in SQuery, which can be
exploited by malicious people to compromise a vulnerable system.
Input passed to the "libpath" parameter in multiple files in "lib/"
is not properly verfied before being used to include files. This can
be exploited to execute arbitrary PHP code by including PHP scripts
from external or local resources.
The following files in "lib/" are affected:
armygame.php
ase.php
devi.php
doom3.php
et.php
flashpoint.php
gameSpy.php
gameSpy2.php
gore.php
gsvari.php
halo.php
hlife.php
hlife2.php
igi2.php
main.lib.php
netpanzer.php
old_hlife.php
pkill.php
q2a.php
q3a.php
qworld.php
rene.php
rvbshld.php
savage.php
simracer.php
sof1.php
sof2.php
unreal.php
ut2004.php
vietcong.php
Successful exploitation requires that "register_globals" is enabled.
The vulnerabilities have been confirmed in version 4.5. Other
versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verfied.
PROVIDED AND/OR DISCOVERED BY:
uid0
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/1629
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]