[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: PhpList Sql Injection and Path Disclosure
From: thegreatone2176 () yahoo ! com
Date: 2005-07-28 0:01:05
Message-ID: 20050728000105.14455.qmail () securityfocus ! com
[Download RAW message or body]
-----------------------------------------
PhpList Sql Injection and Path Disclosure
-----------------------------------------
Vulnerabilities
---------------
1) There is an sql injection in the id parameter of \
public_html/lists/admin/?page=admin&id=INJECT HERE
2) Because of the heavy use of classes without proper checking of whether the script \
is directly called there is many path disclosures. The following pages are all \
affected under the preceding directory.
public_html/lists/admin:
about.php
connect.php
domainstats.php
usercheck.php
admin/commonlib/pages:
attributes.php
dbcheck.php
importcsv.php
user.php
usermgt.php
users.php
public_html/lists/admin/plugins:
helloworld.php
sidebar.php
public_html/lists/admin/plugsins/defaultplugin:
main.php
Solution
--------
1) cleanse the id parameter before processing
2) check to see if the script is being directly called and then have the script die
Credit
------
thegreatone2176@yahoo.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic