
List:       bugtraq
Subject:    PhpList Sql Injection and Path Disclosure
From:       thegreatone2176 () yahoo ! com
Date:       2005-07-28 0:01:05
Message-ID: 20050728000105.14455.qmail () securityfocus ! com

-----------------------------------------
PhpList Sql Injection and Path Disclosure
-----------------------------------------

Vulnerabilities
---------------

1) There is an SQL injection in the id parameter of
public_html/lists/admin/?page=admin&id=INJECT HERE

2) Because of the heavy use of classes without proper checking of whether the
script is called directly, there are many path disclosures. The following pages
are all affected under the preceding directory.

public_html/lists/admin:
about.php
connect.php
domainstats.php
usercheck.php

admin/commonlib/pages:
attributes.php
dbcheck.php
importcsv.php
user.php
usermgt.php
users.php

public_html/lists/admin/plugins:
helloworld.php
sidebar.php

public_html/lists/admin/plugins/defaultplugin:
main.php

Solution
--------

1) cleanse the id parameter before processing

2) check to see if the script is being directly called and then have the script die

Credit
------

thegreatone2176@yahoo.com
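
The two fixes from the Solution section, shown as an added example that is not part of the original advisory and is not phpList's own code. The APP_ENTRY constant, the admin table and its columns, and the load_admin() helper are hypothetical; the sample rows and inputs are constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Added illustration; APP_ENTRY, the admin table and load_admin() are hypothetical names.

// Solution 2. The entry script (e.g. index.php) defines a marker before including anything.
define('APP_ENTRY', true);

// First statement of every include-only file. A direct request never defines the
// marker, so the script stops before class code can emit an error containing its path.
if (!defined('APP_ENTRY')) {
    http_response_code(403);
    exit;
}

// Solution 1. Accept the id only if it is a positive integer.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the validated id as an integer parameter; never concatenate it into the SQL.
function load_admin(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // reject instead of passing the value to the database
    }
    $stmt = $db->prepare('SELECT id, loginname FROM admin WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, loginname TEXT)');
$db->exec("INSERT INTO admin (id, loginname) VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs: one valid id, then values that must be rejected.
foreach (['2', '2 OR 1=1', "1'", '-5', ''] as $raw) {
    $row = load_admin($db, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $row ? $row['loginname'] : 'rejected');
}
```

Only the first input returns a row; the other four are rejected by parse_id() before any query is prepared.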

