http://sx02.coresec.de/advisories/153.txt ############ # GW Script 2.50 # # Homepage: http://sentinel.rdw-allianz.de/downloads.php # Affected Version: <= 2.1.4 # Patched Version: / # Date: 23.09.2006 # # Application Risk: High # # Vendor notified : 23.09.2006 # # # Vulnerable found : Sx02 # http://sx02.coresec.de # # ############# # # Vulnerable code in fleet.php # # <?php # require("fleet/config.php"); # $PATH=$CONFIG['internal']['sqlconf']; # require("$PATH/config.php"); # ... # ... # # -------------------------------------------------------- # # $CONFIG['internal']['sqlconf'] is not declared before, so it is vulnerable to remote file # inclusion. # # fleet.php?$CONFIG['internal']['sqlconf']= # # Required : Register Global = on # # -------------------------------------------------------- # # Solution : # # declare variables before including them ! # # -------------------------------------------------------- # # "Everything should be made as simple as possible, but not simpler" # 'Albert Einstein' # ############