fluxbb presence of PHP local file inclusion vulnerability-vulnerability warning-the black bar safety net

2013-12-26T00:00:00
ID MYHACK58:62201341577
Type myhack58
Reporter Code_Sec
Modified 2013-12-26T00:00:00

Description

2013-09-27: positive contact vendors and wait for manufacturers to claim, details not open to the public

2013-12-26: the vendors have actively ignored vulnerabilities, the details disclosed to the public

Brief description:

Obviously the local contains

Detailed description:

File: install.php

// If we've been passed a default language, use it

$install_lang = isset($_REQUEST['install_lang']) ? pun_trim($_REQUEST['install_lang']) : 'English';

// If such a language pack doesn't exist, or isn't up-to-date enough to translate this page, default to English

if (! file_exists(PUN_ROOT.'lang/'.$ install_lang.'/ install.php'))

$install_lang = 'English';

require PUN_ROOT.'lang/'.$ install_lang.'/ install.php';

if (file_exists(PUN_ROOT.'config.php'))

{

// Check to see whether FluxBB is already installed

include PUN_ROOT.'config.php';

// If we have the 1.3-legacy constant defined, define the proper 1.4 constant so we don't get an incorrect "need to install" message

if (defined('FORUM'))

define('PUN', FORUM);

// If PUN is defined, config.php is probably valid and thus the software is installed

if (defined('PUN'))

exit($lang_install['Already installed']);

Obviously$install_lang the presence of local file inclusion vulnerabilities, and after the installation the file will not be automatically deleted

Function pun_trim: the

function pun_trim($str, $charlist = false)

{

return is_string($str) ? utf8_trim($str, $charlist) : ";

}

Follow utf8_trim: the

function utf8_trim( $str, $charlist=false)

{

if($charlist === false)

return trim($str);

return utf8_ltrim(utf8_rtrim($str, $charlist), $charlist);

}

The final pun_trim($_REQUEST['install_lang']):

trim($_REQUEST['install_lang'])

So for the exploit doesn't affect the

Vulnerability to prove:

!

Repair solutions:

Best not to fix^_^