exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PHPADSNEW-SA-2005-001.txt

PHPADSNEW-SA-2005-001.txt
Posted Aug 18, 2005
Authored by Matteo Beccati | Site phpadsnew.com

phpAdsNew and phpPgAds versions 2.0.5 and below suffer from arbitrary command execution, SQL injection, and various other flaws.

tags | advisory, arbitrary, sql injection
SHA-256 | f6f37d6d21bfc6b7554889b68c9f913aaca557b529dc0afcabbdf7cc88811289

PHPADSNEW-SA-2005-001.txt

Change Mirror Download
========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2005-001
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2005-001
Date: 2005-Aug-17
Security risk: highly critical
Applications affetced: phpAdsNew, phpPgAds
Versions affected: <= 2.0.5
Versions not affected: >= 2.0.6
========================================================================


========================================================================
Vulnerability 1: arbitrary PHP code execution
------------------------------------------------------------------------
Impact: system access
Where: from remote
========================================================================

Description
-----------
Stefan Esser of the Hardened-PHP Project reported a serious
vulnerablility in the third-party XML-RPC library included with
phpAdsNew and phpPgAds. An attacker could execute arbitrary PHP code on
a vulnerable site.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.hardened-php.net/advisory_152005.67.html


========================================================================
Vulnerability 2: local file inclusion
------------------------------------------------------------------------
Impact: system access
Where: from remote
========================================================================

Description
-----------
Maksymilian Arciemowicz of the securityreason.com team reported a local
file inclusion vulnerablility in phpAdsNew and phpPgAds, caused by
missing sanitization of a GET variable.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
[phpAdsNew 2.0.5 Local file inclusion cXIb8O3.16]
http://www.securityreason.com/


========================================================================
Vulnerability 3: SQL injection
------------------------------------------------------------------------
Impact: application admin access (+ potential system access)
Where: from remote
========================================================================

Description
-----------
Pine Digital Security reported an SQL injection vulnerablility in
phpAdsNew and phpPgAds, caused by missing sanitization of the clientid
GET variable. The vulnerability seems to be exploitable with MySQL 4.1+
or PostgreSQL to obtain administrator access to the application.
Depending on the database user permissions, an attacker could also gain
access to the local filesystem.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.6.

References
----------
http://www.pine.nl/




Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>



Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close