PHP is a powerful server-side scripting language for creating dynamic and interactive websites.
PHP is a widely used, free, and efficient alternative to competitors such as Microsoft's ASP. PHP is well suited to Web development and can be embedded directly into HTML code.
The PHP syntax is very similar to Perl and C. PHP is often used together with Apache (web server) on various operating systems. It also supports ISAPI and can be used with Microsoft's IIS on Windows.

Monday, July 7, 2008

fuzzylime (cms) rss.php Local File Inclusion Vulnerability

Ams has discovered a vulnerability in fuzzylime, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "p" parameter in rss.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

NOTE: The vulnerability can be exploited to execute arbitrary PHP code by including the code/content.php script.

The vulnerability is confirmed in version 3.01a. Other versions may also be affected.
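
The advisory does not show the code of rss.php, so the following is an added example, not fuzzylime's own code. It shows one way to validate a page parameter such as "p" before it reaches include. The function name `resolve_page`, the directory layout and the sample inputs are assumptions constructed for illustration. The check does not depend on magic_quotes_gpc, which was removed in PHP 5.4.

```php
<?php
// Added example: hypothetical hardened handling of a request parameter
// that selects a file to include. Not taken from fuzzylime.

function resolve_page(string $p, string $baseDir): ?string
{
    // Allowlist: short names made of letters, digits, "_" and "-" only.
    // Path separators, dots and NUL bytes never match, so the result
    // is the same whether or not magic_quotes_gpc is enabled.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $p) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() resolves symlinks; the resolved file must still sit
    // directly inside the intended directory and must be a regular file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $p . '.php');
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one permitted page.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'news.php', "<?php return 'news feed';");

// Constructed sample values for the parameter; only the first is valid.
$samples = ['news', 'missing', 'code/content', '../news', "news\0x"];
foreach ($samples as $p) {
    $path = resolve_page($p, $base);
    printf("%-14s => %s\n", json_encode($p),
        $path === null ? 'rejected' : 'include ' . basename($path));
}

unlink($base . DIRECTORY_SEPARATOR . 'news.php');
rmdir($base);
```

A caller would respond with an error page when `resolve_page()` returns null, and pass only a returned path to include.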
