LinPHA sec_stage_install.php language Variable Local File Inclusion

2006-02-11T08:02:40
ID OSVDB:23114
Type osvdb
Reporter OSVDB
Modified 2006-02-11T08:02:40

Description

Technical Description

The ability to include non-PHP files is present only when the PHP option magic_quotes_gpc is 'off'.

Solution Description

Upgrade to version 1.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/install/sec_stage_install.php?whatlang=1&language=/../../../../../../test
http://[target]/[path]/install/sec_stage_install.php?whatlang=1&language=/../../../../../../etc/passwd%00
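An added example, not part of the OSVDB entry or of LinPHA's code: a Python check that scans web access logs for requests to sec_stage_install.php whose language parameter carries path traversal or a NUL byte, as in the test URLs above. The access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a common/combined access-log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = "/install/sec_stage_install.php"

def suspicious_language(value):
    """Return sorted reasons why a decoded `language` value looks like a path, not a name."""
    reasons = set()
    # Also check a second decoding so double-encoded values are not missed.
    for v in {value, unquote(value)}:
        if "\x00" in v:
            reasons.add("nul-byte")
        if re.search(r"(^|[\\/])\.\.([\\/]|$)", v):
            reasons.add("traversal")
        if v.startswith(("/", "\\")):
            reasons.add("absolute-path")
    return sorted(reasons)

def scan(lines):
    """Return (line_number, language_value, reasons) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(SCRIPT):
            continue  # only the installer script named in this entry
        # parse_qs percent-decodes once, so %00 arrives here as "\x00".
        for value in parse_qs(url.query, keep_blank_values=True).get("language", []):
            reasons = suspicious_language(value)
            if reasons:
                hits.append((n, value, reasons))
    return hits

# Constructed sample log lines (documentation IP addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Feb/2006:08:00:01 +0000] "GET /linpha/install/sec_stage_install.php?whatlang=1&language=English HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Feb/2006:08:00:07 +0000] "GET /linpha/install/sec_stage_install.php?whatlang=1&language=/../../../../../../test HTTP/1.1" 200 310',
    '192.0.2.44 - - [11/Feb/2006:08:00:09 +0000] "GET /linpha/install/sec_stage_install.php?whatlang=1&language=/../../../../../../etc/passwd%00 HTTP/1.1" 200 1893',
    '192.0.2.10 - - [11/Feb/2006:08:00:12 +0000] "GET /linpha/index.php?language=../x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: language={value!r} -> {', '.join(reasons)}")
```

Any hit against the install directory of a deployed gallery is worth following up, since the installer should not be reachable after setup.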

References:

Vendor URL: http://linpha.sourceforge.net/nuke/
Vendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/linpha/linpha/ChangeLog?view=markup
Secunia Advisory ID: 18808
Related OSVDB ID: 23113
Related OSVDB ID: 23112
Related OSVDB ID: 23115
Related OSVDB ID: 23116
Other Advisory URL: http://retrogod.altervista.org/linpha_10_local.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0161.html
FrSIRT Advisory: ADV-2006-0535
CVE-2006-0713
Bugtraq ID: 16592