Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

WARNING! Fake news / Disputed / BOGUS

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

2007.03.23

Credit: BorN To K!LL

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-1603 | CVE-2007-1602 | CVE-2007-1601

CWE: N/A

> +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
>
> Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln
>
> Script: Weekly Drawing Contest
>
> Version: 0.0.1
>
> S!Te: http://www.hotscripts.com/jump.php?listing_id=52638&jump_type=1
>
> Discover: BorN To K!LL
>
This one is so blatantly bogus, I hesitate to even comment on it for
fear of giving it legitimacy.
It might be possible to use $order to do remote SQL injection, but local
file exposure? I don't see it. $order isn't used in any include,
require, or other method that would expose it to the vulnerability claimed.
Additionally, as a legitimate exploit for this application, it is
possible to by pass the admin authentication by accessing the included
contest.php in the admin folder directly (not using the index.php).
Granted this application is almost 3 years old, and could very easily be
argued that it is a dead and unsupported.
Tom Walsh
Express Web Systems, Inc.
http://www.expresswebsystems.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.