 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 216
 Members: 0
 Total: 216
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Local *.php file inclusion and full path disclosure in BXCP |
|
 Posted: Mon May 09, 2005 9:16 pm |
 |
|
| FistFucker |
| Regular user |
 |
|
| Joined: May 06, 2005 |
| Posts: 21 |
|
|
|
 |
|
 |
|
Here is an old advisory for BXCP, a small CMS for clans. I know my fix is scrap, so please update to a higher version and don't use my source code! There are also a few undiscovered SQL injections, full path disclosures and cross site scriptings in this CMS. Maybe I will release a second advisory, or do you it if you are interested and faster than me. ;-)
| Code: |
Title: Local *.php file inclusion and full path disclosure in BXCP <= 0.2.9.7
Author: [OfB|FistFucker]
Contact: http://www.ofb-clan.de/
#ofb-clan at irc.quakenet.org:6667
1. Local *.php file inclusion:
---------------------------------
Because of no user input validation in 'index.php' it's possible to include
every local *.php file. Let's take a look at the most important part of the
source code:
~~ SOURCE CODE ~~~~~~~~~~~~~~~~~~~~~~~~
$show = $_REQUEST['show'];
require ("config.php");
if (!file_exists("show/$show.php"))
{
$notfound = $show;
$show = 'error';
}
$page = "show/$show.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ END ~~
Yeah, there is no validation of the variable '$show'. So we can easily access
every local file ending with '.php', also in restricted directories like
htaccess. We can easily jump outside the 'show' directory and include every
file ending with '.php'!
Example URL: http://www.rz-liga.com/index.php?show=../intern/board/common
Don't worry about the response "Hacking attempt". It's just a die() message
from 'common.php' of their htaccess protected phpBB. ;-)
2. Full path disclosure:
---------------------------
And by including the 'index.php' into itself with the above vulnerability we
can cause a full path disclosure.
Example URL: http://www.rz-liga.com/index.php?show=../index
3. Let's fix that shit! =)
-----------------------------
Just replace in 'index.php':
~~ SOURCE CODE ~~~~~~~~~~~~~~~~~~~~~~~~
$show = $_REQUEST['show'];
if(ereg("\.\.", $show))
{
$show = '';
}
require ("config.php");
if (!file_exists("show/$show.php"))
{
$notfound = $show;
$show = 'error';
}
$page = "show/$show.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ END ~~
4. Greetings:
----------------
Greetings fly out to all members of OfB-Clan that know me. And sorry for the
events that occured at and after the 25th December. Please forgive me and
please stop seeing me as a criminal kiddie. Better see me as a guardian! =D
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
