[Vtigercrm-developers] [CRITICAL] possible code injection vulnerability
Enrico Weigelt
weigelt at metux.de
Tue Jun 26 04:38:26 PDT 2007
* Minnie <minnie at vtiger.com> schrieb:
Hi,
> when I try to give module=Leads and action=foo, I got the warning
> message stating that
> Warning: include(modules/Leads/foo.php) [function.include]: failed to open stream: No such file or directory in
The problem is: the name of the codefile to load is built from
$_REQUEST{'module'} and $_REQUEST{'action'}. There are several
ways to trick php with special characters. If including from
URLs is enabled, we have an big fat code injection leak.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: contact at metux.de
cellphone: +49 174 7066481
---------------------------------------------------------------------
-- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
More information about the vtigercrm-developers
mailing list