ezContents CMS multiple local file inclusion vulnerabilities
  Add date: 10/08/2008   Publishing date: 10/08/2008
 
Release date: 2008-08-25
Updated: 2008-08-26

Affected systems:
VisualShapers ezContents 2.0.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30821

ezContents is an open-source content management system.

Many ezContents scripts do not properly validate input parameters. A remote attacker can cause arbitrary code to be executed by including arbitrary local resources.

1. Local file inclusion vulnerability in the /module.php script

Vulnerable code at lines 32-42 and 141-145
--------------------------
#################################################

$GLOBALS["rootdp"] = './';
require_once ($GLOBALS["rootdp"] . "include/config.php");
require_once ($GLOBALS["rootdp"] . "include/db.php");
require_once ($GLOBALS["rootdp"] . "include/session.php");
include_once ($GLOBALS["rootdp"] . $GLOBALS["modules_home"] . "modfunctions.php");


// "ezSID" and "link" are accepted from POST when they are absent from GET
if ((!isset($HTTP_GET_VARS["ezSID"])) && (isset($HTTP_POST_VARS["ezSID"])))
        $HTTP_GET_VARS["ezSID"] = $HTTP_POST_VARS["ezSID"];
if ((!isset($HTTP_GET_VARS["link"])) && (isset($HTTP_POST_VARS["link"])))
        $HTTP_GET_VARS["link"] = $HTTP_POST_VARS["link"];

$HTTP_GET_VARS["link"] = str_replace('./', '', $HTTP_GET_VARS["link"]);



if (isExternalLink($HTTP_GET_VARS["link"])) {
        ECHO 'Remote Code Execution Patch Installed on this implementation of ezContents';
} else {
        // the request-supplied "link" value is passed to include()
        include ($GLOBALS["rootdp"] . $HTTP_GET_VARS["link"]);
}

#################################################
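
A hardened form of the include above, as an added example (not ezContents code and not part of the advisory): rather than filtering the string, it canonicalizes the requested path and includes it only when the result is a .php file inside one fixed directory. The function name `resolveModuleLink`, the `modules` directory location and the rule that `link` is relative to that directory are assumptions.

```php
<?php
// Added example: hypothetical replacement for the include() in module.php.
// Assumption: every legitimate "link" target is a .php file under the modules directory.

// Returns the canonical path for $link, or null when the request must be rejected.
function resolveModuleLink(string $baseDir, $link): ?string
{
    // Reject non-string values, empty values and NUL bytes outright.
    if (!is_string($link) || $link === '' || strpos($link, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "./" and symlinks, and fails for paths that
    // do not exist locally (which also covers scheme-prefixed values).
    $target = realpath($base . DIRECTORY_SEPARATOR . $link);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check on the canonical path; the trailing separator stops
    // a sibling such as "modules_old" from matching the "modules" prefix.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only script files are valid targets, not uploads, logs or session files.
    if (strtolower(pathinfo($target, PATHINFO_EXTENSION)) !== 'php') {
        return null;
    }
    return $target;
}

// Usage in place of the original include:
$modulesDir = __DIR__ . '/modules';   // assumed location of the modules directory
$path = resolveModuleLink($modulesDir, $_GET['link'] ?? null);
if ($path === null) {
    http_response_code(400);
    exit('Invalid module link');
}
include $path;
```

The decision is made on the canonical path that will actually be opened, so it does not depend on which substrings were stripped from the input beforehand.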

The isExternalLink() function in the /include/functions.php script is used to check for remote inclusion attempts.

Lines 768-779
-------------------
#################################################

function isExternalLink ($linkref)
{
        if ((substr($linkref,0,5) == 'http:')   || (substr($linkref,0,6) == 'https:')  ||
            (substr($linkref,0,5) == 'file:')   || (substr($linkref,0,4) == 'ftp:')    ||
            (substr($linkref,0,7) == 'gopher:') || (substr($linkref,0,7) == 'mailto:') ||
            (substr($linkref,0,5) == 'news:')   ||

 