admin
08-30-2005, 01:00 PM
AutoLinks Pro
http://www.scriptscenter.com/autolinks/
August 30th, 2005
http://secunia.com/advisories/16620/
Description:
NewAngels Team and 4Degrees have reported a vulnerability in AutoLinks Pro, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "alpath" parameter in "al_initialize.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
NOTE: External files can be included via the "ftp://" URI handler ("http://" and "https://" are filtered).
Successful exploitation requires that "register_globals" is enabled.
The vulnerability has been reported in version 2.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Set "register_globals" to "Off".
Provided and/or discovered by:
NewAngels Team and 4Degrees
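Added example, not part of the original post or of AutoLinks Pro's code: one way to do the "properly verified" step from the Solution in PHP, setting a scheme denylist of the kind the advisory describes beside a base-directory allowlist check. The function names, the al_demo_ directory and al_functions.php are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example; not AutoLinks Pro source. Function names and paths are hypothetical.

// Denylist of the kind the advisory describes: only two schemes are rejected,
// so any other stream wrapper (the advisory names ftp://) is accepted.
function denylist_accepts(string $path): bool
{
    return !preg_match('#^https?://#i', $path);
}

// Allowlist approach: the value must resolve to an existing file inside $baseDir.
function resolve_include(string $baseDir, string $candidate): ?string
{
    // Reject stream wrappers of any kind and NUL bytes outright.
    if (strpos($candidate, '://') !== false || strpos($candidate, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $candidate);
    if ($base === false || $full === false) {
        return null; // base or target does not exist
    }
    // realpath() has collapsed ".." and symlinks; require the result to stay under base.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($full) ? $full : null;
}

// Constructed sample tree in a temp directory so the script runs offline.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'al_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'al_functions.php', "<?php\n");

$samples = [
    'al_functions.php',               // expected file inside the base directory
    'ftp://files.example.invalid/x',  // wrapper the denylist lets through
    'http://files.example.invalid/x', // wrapper the denylist blocks
    '../outside.php',                 // traversal out of the base directory
];
foreach ($samples as $s) {
    printf("%-34s denylist=%-6s allowlist=%s\n", $s,
        denylist_accepts($s) ? 'accept' : 'reject',
        resolve_include($base, $s) !== null ? 'accept' : 'reject');
}
unlink($base . DIRECTORY_SEPARATOR . 'al_functions.php');
rmdir($base);
```

Only the first sample passes the allowlist check, while the denylist accepts everything except the http:// entry. Setting the include base from a constant in code rather than from a request-writable variable removes the dependence on "register_globals" altogether.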