java

Multiple vulnerabilities reported in Really Simple PHP and Ajax

Filed in archive AJAX by gautam on April 5, 2007

Multiple vulnerabilities reported in Really Simple PHP and Ajax

Hamid Ebadi has identified multiple vulnerabilities in the case of Really Simple PHP and Ajax or RSPA which hackers could exploit for executing arbitrary commands. This is a high risk vulnerability which can be remotely exploited.

The first security issue is due to input validation errors in framework/Controller_v5.php and framework/Controller_v4.php scripts while processing of _IncludeFilePHPClass and _ClassPath parameters which remote attackers could exploit for inclusion of malicious scripts and execution of arbitrary commands. The second one is caused due to input validation errors in the framework/Controller_v5.php and framework/Controller_v4.php scripts while processing of the __class parameter which remote hackers could exploit for including or disclosing the local file contents with the privileges of the web server.

RSPA 2007-03-23 and earlier versions have been affected by the vulnerability. No details are available as of now regarding any official patch for plugging the hole.

Related Entries:

A Simple Way To Work With Ajax Through WebOS AppsBuilder - 20 October 2006
Ajax and the Security Challenges Posed - 23 October 2006
Server Side Vulnerability Reported In AJAX - 05 January 2007
Create rich component-oriented Ajax interfaces in Java using... - 04 April 2007
Multiple vulnerabilities reported in Sun JDK and JRE - 03 June 2007
Forty plus simple and useful Ajax applications - 08 October 2007

« Create rich component-ori... | Main | Ajax based Yahoo Alpha go... »

Permalink: Multiple vulnerabilities reported in Really Simple PHP and Ajax

Tags: RSPA Really Simple PHP and Ajax security vulnerability ajax really+simple

Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/61744

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Add this page to Mister Wong

Mr Wong

Netscape

Netvousz

Newsvine

Reddit

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Vote for Multiple vulnerabilities reported in Really Simple PHP and Ajax:

Currently 8.67/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.67 out of 3 vote(s) cast.

Add your response to Multiple vulnerabilities reported in Really Simple PHP and Ajax:

Name: *

Email: (will never be shown)*

URL:

(* marked fields are required)

Notify me if more comments appear?

Subscribe to Java Entrepreneur newsletter? (Newsletters are sent out weekly).

Remember me

Security Code: *
(Please help us to sort out spam.)

Please enter your comment here: (Sorry, no HTML is allowed - URLs will be made clickable automatically if you add http:// to your URL.)

We welcome your comments, however all comments are moderated. Offensive or off-topic comments will be deleted and not displayed.

Share It

Use the search to look for other interesting posts

Popular posts from our other blogs:

RSS	See all blog subscribe options
Google	What is RSS?
Yahoo!
Addthis
Bloglines
Newsletter
Twitter	Follow us on Twitter!

Tagcloud

Categories

Most popular

Archives

March 2010 (3)
February 2010 (8)
January 2010 (5)
December 2009 (4)
November 2009 (6)
October 2009 (6)
September 2009 (4)
More

Advertise with us

Interested in sponsoring this site? Learn more about all our advertising options or email advertising - at - creative-weblogging.com or give us a call at +1 (650) 331 4900.

Contributors (Last 90 days)

Donald Greg (1)
Shawn Hessinger (2)
Jeff Goldman (11)
Creative Weblogging (4)

This site has 732 entries and is powered by Creative Weblogging since September 2005.

Recent Comments

Our Editors recommend

Disclaimer

Creative Commons License

Some of the contents of this site are protected Creative Weblogging Inc. 2004-2010.

Check out our Sponsored Blogs!

Business Computer Blog (UK)

Are you interested in writing a blog in our network?

See which positions are currently open.

Testimonials

'Great looking blog. Good quality posts with useful information.'

Other blogs in the same channel in the Creative Weblogging Network: Technology

BlogWealth

The CIO Weblog

HackITLinux

Googlestack

Nanotechbuzz

On Storage

P2P File Sharing

P2P File Sharing

The VoIP Weblog

The VoIP Weblog

About the company | Advertise with us | Disclaimer | Privacy Policy | Refund/Return Policy | Memcache Hosting | Domain Search | People Search | Breaking News | Gourmet Lunch

All Creative Weblogging sites are built in accordance with the Google Webmaster Guidelines and IAB guidelines.