AproxEngine "page" Local File Inclusion Vulnerability
Written by Marcelo Almeida (Vympel)   
Tuesday, 24 June 2008

SkyOut has discovered a vulnerability in AproxEngine, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerability is confirmed in version 5.1.0.4. Other versions may also be affected...

Solution:
Edit the source code to ensure that input is properly verified.
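
One way to verify the "page" input before it reaches include, shown as an added example (not AproxEngine's code and not part of the original advisory). The pages directory, the page names and the resolve_page() helper are hypothetical:

```php
<?php
declare(strict_types=1);

// Assumption: page templates live in ./pages next to index.php.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: the only values "page" may take, each mapped to a fixed file.
// Entries are constructed for illustration.
const PAGES = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a "page" request value to an absolute file path. Returns null
 * when the value is not allowlisted or the file is outside PAGES_DIR.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; anything but a known string is rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the canonical path (symlinks resolved) must stay
    // under the pages directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// The request value only selects a key; it never becomes part of the path.
$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

Because the file name comes from the allowlist rather than from the request, adding a page means adding an entry to PAGES, not loosening the check.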

Provided and/or discovered by:
SkyOut

Original Advisory:
http://milw0rm.com/exploits/5884

Original Article:
http://secunia.com/advisories/30800/
 

