===========================================================

Title: Vcard Lite Remote Vulnerabilitie
Vulnerability discovery: Disruptor
Date: 11/02/2006
Severity: Remote Users Can Execute Arbitrary Code.
Affected version: <= v2.4
http://www.belchiorfoundry.com/
=

============================================================

* Summary *

VCardLITE is free PHP postcard software.

-------------------------------------------------------------

* Problem Description *

Default installation dont remote install.php
 * Remote users can re-install script: install.php
 * And view login and password of mysql
 * Execute command or php code >).

-------------------------------------------------------------

* Fix *

1-Remove install.php.

----

2-

<?

if(file_exists('install.php')) {
die('remove install.php 0_O');
}

?>

-------------------------------------------------------------

Search: google =x \/ allinurl: /vcardlite24/ /vcardlite23/ /vcardlite22/ /vcardlite21/ /vcardlite20/

* Credits *

Vulnerability reported by Disruptor
Contact disruptor@linuxmail.org


-- 
_______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org
This allows you to send and receive SMS through your mailbox.

Powered by Outblaze