Wednesday, January 31, 2007

[ECHO_ADV_63$2007] Cadre remote file inclusion

Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : January, 31st 2007
Location : Indonesia, Jakarta
web :
Critical Lvl : Critical

Affected software description:
Application : Cadre
URL : |
Download-path :

Description : Cadre is a PHP framework for developing large business applications.
It currently supports PostgreSQL as the database back end (although
this is extensible).

-----class.Quick_Config_Browser.php ----
include_once($GLOBALS[config][framework_path] . "class.Browser.php");

An attacker can exploit this vulnerability with a simple php injection script.


ana, K-159, the_day, str0ke, waraxe, negative

No comments:

Post a Comment