Bugtraq mailing list archives
[eVuln] phpBook PHP Code Execution
From: alex () evuln com
Date: 1 Jan 2006 23:00:48 -0000
New eVuln Advisory: phpBook PHP Code Execution --------------------Summary---------------- Software: phpBook (http://sourceforge.net/projects/phpbook/) Versions: 1.3.2 and earlier Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (alex () evuln com) Published: 2005.12.29 eVuln ID: EV0006 -----------------Description-------------- Vulnerable scripts: index.php All posted data saving in PHP-file. Variable $mail isn't properly sanitized and may contain any PHP Code. --------------Exploit--------------------- Posting new message. E-mail field: qwe@<? anyphpcode(); ?>.com --------------Solution--------------------- No Patch available. --------------Credit--------------------- Original Advisory: http://evuln.com/vulns/6/summary.html Discovered by: Aliaksandr Hartsuyeu (alex () evuln com)
Current thread:
- [eVuln] phpBook PHP Code Execution alex (Jan 03)