by r0t,der4444,cembo,VietMafia

Wednesday, May 24, 2006

eSyndicat Directory Software - Local File Inclusion

discovered by : VietMafia
developer's site:
script: eSyndicat Directory Software 1.2
risk: moderate
status: unpatched

This script contains a vulnerability that malicious people can exploit to disclose sensitive information and potentially compromise a vulnerable system.

Input passed to the "path_to_config" parameter in admin/cron.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources.



Successful exploitation requires that "register_globals" is enabled and that "magic_quotes_gpc" is disabled.
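
For operators still running the affected version, one way to check web server access logs for requests that supply this parameter to the cron script. This is an added example, not part of the original advisory or of eSyndicat; the combined log format, the sample lines and the names find_hits and php_var_name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined log format); addresses, times and values are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [24/May/2006:10:01:02 +0000] "GET /admin/cron.php HTTP/1.1" 200 512 "-" "cron-wget"
198.51.100.7 - - [24/May/2006:10:05:40 +0000] "GET /admin/cron.php?path_to_config=EXAMPLE_VALUE HTTP/1.1" 200 733 "-" "Mozilla/5.0"
198.51.100.7 - - [24/May/2006:10:05:49 +0000] "GET /dir/admin/cron.php?x=1&path%5Fto%5Fconfig=EXAMPLE_VALUE HTTP/1.1" 200 733 "-" "Mozilla/5.0"
203.0.113.5 - - [24/May/2006:10:07:11 +0000] "GET /index.php?path_to_config=EXAMPLE_VALUE HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')
SCRIPT = "/admin/cron.php"   # script named in the advisory
PARAM = "path_to_config"     # parameter named in the advisory


def php_var_name(name):
    """Name PHP would register for a request parameter: array suffix
    dropped, dots and spaces turned into underscores."""
    return re.sub(r"[ .]", "_", name.split("[", 1)[0])


def find_hits(log_text):
    """Return (client, timestamp, path) for each request to the cron script
    whose query string carries the parameter, whatever its value."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, when, target = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)
        if not path.lower().endswith(SCRIPT):
            continue
        # parse_qs percent-decodes names, so path%5Fto%5Fconfig matches too.
        names = parse_qs(url.query, keep_blank_values=True)
        if any(php_var_name(n) == PARAM for n in names):
            hits.append((client, when, path))
    return hits


if __name__ == "__main__":
    for client, when, path in find_hits(SAMPLE_LOG):
        print(f"{when}  {client}  {path}  carries {PARAM}")
```

Access logs record only the query string; with "register_globals" enabled the same variable can also arrive in a POST body or a cookie, so an empty result does not show that the parameter was never supplied.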


Anonymous Simon Gooffin said...

this issue has been fixed long ago

11:40 AM



Copyright (c) 2006 Pridels Sec Crew