Next Page >>
Local File Inclusion
Summary:
A) Remote Code Execution (RCE) Vulnerability
B) Cross Site Request Forgery (CSRF) Vulnerabilities
C) Local File Inclusion (LFI) Vulnerability
D) Cross Side Scripting (XSS) Vulnerability
A) Remote Code Execution (Windows Only) Vulnerability
A Remote Code Execution vulnerability exists in Vtiger CRM version
Francesco "ascii" Ongaro (ascii AT ush DOT it)
Alessandro "jekil" Tanasi (alessandro AT tanasi DOT it)
Date 20090725
I) Introduction
II) PHP arbitrary Local File Inclusion testing
III) PHP arbitrary Local File Inclusion results
IV) PHP arbitrary File Open testing
V) PHP arbitrary File Open results
VI) PHP arbitrary Remote File Upload testing
VII) PHP arbitrary Remote File Upload results
Vulnerable Version(s): 1.2.1 and probably prior
Tested Version: 1.2.1
Vendor Notification: 25 April 2012
Vendor Patch: 18 May 2012
Public Disclosure: 23 May 2012
Vulnerability Type: Local File Inclusion, Cross-Site Scripting (XSS)
CVE References: CVE-2012-2435, CVE-2012-2436
Solution Status: Fixed by Vendor
Risk Level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
Vulnerable Version(s): 5.1.5 and probably prior
Tested Version: 5.1.5
Vendor Notification: 11 April 2012
Vendor Patch: 16 April 2012
Public Disclosure: 2 May 2012
Vulnerability Type: Local File Inclusion
CVE Reference(s): CVE-2012-2227
Solution Status: Fixed by Vendor
Risk Level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.com/advisory/ )
Summary:
A) Remote Code Execution
B) Cross Site Request Forgery
C) Local File Inclusion
A) Remote Code Execution
A Remote Code Execution issue has been found in Zabbix version
1.6.2 and no authentication is required in order to exploit this
III. ANALYSIS
Summary:
A) Remote Code Execution (RCE) Vulnerability
B) Local File Inclusion (LFI) Vulnerability (pre-auth)
C) Cross Site Scripting (XSS) Vulnerabilities (pre-auth, reflected)
D) Cross Site Scripting (XSS) Vulnerabilities (post-auth, reflected)
A) Remote Code Execution (RCE) Vulnerability
III. ANALYSIS
Summary:
A) Local File Inclusion
B) Multiple Blind SQL Injection
A) Local File Inclusion
Security Advisory
-----------------
FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution
Researcher Information
----------------------
Discovered by: Giuseppe `Zmax` Fuggiano
Website: http://www.giusef.net
Contact: giuseppe(dot)fuggiano(at)gmail(dot)com
[+] Version: 1.3.1
[+] Website: http://sourceforge.net/projects/cbblog/
[+] Bugs: [A] SQL Injection
[B] Authentication Bypass
[C] Local File Inclusion
[+] Exploitation: Remote
[+] Date: 03 Mar 2009
[+] Discovered by: Salvatore "drosophila" Fresta
Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability
Name Jgrid
Vendor http://datagrids.clubsareus.org
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-14
III. ANALYSIS
_____________
Summary:
A) Local File Inclusion
B) Multiple Blind SQL Injection
A) Local File Inclusion
_______________________
[+] Application: Multi-lingual E-Commerce System
[+] Version: 0.2
[+] Website: http://sourceforge.net/projects/mlecsphp/
[+] Bugs: [A] Local File Inclusion
[B] Information Disclosure
[C] Arbitrary File Upload
[+] Exploitation: Remote
[+] Date: 19 Apr 2009
[+] Application: Malleo
[+] Version: 1.2.3
[+] Website: http://www.malleo-cms.com
[+] Bugs: [A] Local File Inclusion
[+] Exploitation: Remote
[+] Date: 17 Apr 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Version: 1.3.1
[+] Website: http://sourceforge.net/projects/cbblog/
[+] Bugs: [A] SQL Injection
[B] Authentication Bypass
[C] Local File Inclusion
[+] Exploitation: Remote
[+] Date: 03 Mar 2009
[+] Discovered by: Salvatore "drosophila" Fresta
Vulnerable Version(s): 1.1.3 and probably prior
Tested Version: 1.1.3
Vendor Notification: 25 January 2012
Vendor Patch: 4 February 2012
Public Disclosure: 15 February 2012
Vulnerability Type: Local File Inclusion, SQL Injection, Cross Site Scripting (XSS)
Solution Status: Fixed by Vendor
Risk Level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
-----------------------------------------------------------------------------------------------
[+] Application: webEdition
[+] Version: <= 6.0.0.4
[+] Website: http://www.webedition.de
[+] Bugs: [A] Local File Inclusion
[+] Exploitation: Remote
[+] Date: 31 Mar 2009
[+] Discovered by: Salvatore "drosophila" Fresta
>
> Summary:
>
> A) Remote Code Execution
> B) Cross Site Request Forgery
> C) Local File Inclusion
>
> A) Remote Code Execution
>
> A Remote Code Execution issue has been found in Zabbix version
> 1.6.2 and no authentication is required in order to exploit this
Summary:
A) Multiple Blind SQL Injection
B) Multiple Arbitrary File Upload
C) Local File Inclusion
A) Blind SQL Injection
All field that I tested are vulnerable to Blind SQL
Injection.
Vendor: 11in1
Vulnerable Version(s): 1.2.1 stable 12-31-2011 and probably prior
Tested Version: 1.2.1 stable 12-31-2011
Vendor Notification: 25 January 2012
Public Disclosure: 15 February 2012
Vulnerability Type: Local File Inclusion, Сross-Site Request Forgery (CSRF)
Risk Level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
-----------------------------------------------------------------------------------------------
Zen Cart 1.3.9h Local File Inclusion Vulnerability
Name Zen Cart
Vendor http://www.zen-cart.com
Versions Affected 1.3.9h
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-11-03
Summary:
A) Authentication Bypass
B) Arbitrary File Upload
C) Local File Inclusion
D) SQL Injection
A) Authentication Bypass
________________________
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
===============================================================================
Author: Janek Vind "waraxe"
Date: 12. April 2012
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-86.html
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2226
2. Vulnerability Information
------------------------------------------------------------------------------------------------------------------------
Class: Cross Site Request Forgery, Cross Site Scripting, File Path
Disclosure, Local File Inclusion, Authentication Bypass and PHP Command
Injection
Remotely Exploitable: Yes
Locally Exploitable: No
10.02.2010 - informed developers.
07.04.2010 - disclosed at my site.
-----------------------------
Details:
These are SQL Injection, Local File Inclusion, Directory Traversal and Full
path disclosure vulnerabilities.
SQL Injection:
http://site/?fun=-1%20or%20version()%3E4
Hello Bugtraq!
I want to warn you about Cross-Site Scripting and Local File Inclusion
vulnerabilities in W-Agora. In addition to vulnerabilities in this system
which I found and disclosed in 2006 (SecurityVulns ID: 6960).
-------------------------
Affected products:
-------------------------
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
<?php
// I'm a classic LFI (Local File Inclusion) vulnerabiltiy!
include("includes/".$_GET['library'].".php");
?>
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
Small addition to the advisory.
Tue, Mar 03, 2009 at 03:30:26PM +0000, ascii wrote:
> Zabbix 1.6.2 Frontend Multiple Vulnerabilities
[...]
> C) Local File Inclusion
>
> If the user is authenticated, a Local File Inclusion vulnerability
> exists in file "locales.php".
>
> The following URL exploits this vulnerability:
#
# AmnPardaz Security Research & Penetration Testing Group
#
# Title: Jupiter Cms Multiple Vulnerabilities
# Vendor: http://www.jupiterportal.com
# Bugs: Local File Inclusion, Privileges Escalation
# Vulnerable Version: 1.1.5ex (prior versions also may be affected)
# Exploitation: Remote with browser
# Exploit: Available
# Fix Available: No!
###################################################################################
1. OVERVIEW
Open-Realty 2.5.8 and lower versions are vulnerable to Local File Inclusion.
2. BACKGROUND
Open-Realty is the world's leading real estate listing marketing and
management CMS application, and has enjoyed being the real estate web
site software of choice for professional web site developers since
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: phpList Local File inclusion
# Vendor: http://www.phplist.com
# Bug: Local File Inclusion
# Vulnerable Version: 2.10.8 (prior versions also may be affected)
# Exploitation: Remote with browser
# Fix: N/A
Next Page>>
|
