Nodez index.php op Variable Traversal Local File Inclusion

2006-03-09T13:02:34
ID OSVDB:23774
Type osvdb
Reporter Hamid Ebadi (admin@hamid.ir)
Modified 2006-03-09T13:02:34

Description

Vulnerability Description

Nodez contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'op' variable. This may allow an attacker to use directory traversal sequences (../../) to include a file from the local system; any commands that file contains are then executed by the vulnerable script.

A remote attacker can inject custom PHP commands by including them in the Email field during new account registration.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/nodez/?node=system&op=/../../cache/users/list.gtdat%00&cmd=dir
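A detection sketch for the request pattern above, as an added example that is not part of the original advisory or of Nodez: it flags access-log entries whose 'op' parameter carries traversal sequences or an encoded null byte. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2006:13:00:00 +0000] "GET /nodez/?node=system&op=view HTTP/1.1" 200 512',
    '192.0.2.77 - - [09/Mar/2006:13:01:00 +0000] "GET /nodez/?node=system&op=/../../cache/users/list.gtdat%00&cmd=dir HTTP/1.1" 200 2048',
    '192.0.2.78 - - [09/Mar/2006:13:02:00 +0000] "GET /nodez/index.php?op=%2e%2e%2fcache%2fusers HTTP/1.1" 200 100',
    '192.0.2.11 - - [09/Mar/2006:13:03:00 +0000] "GET /nodez/?node=news&op=list HTTP/1.1" 200 734',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by either slash style or the string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, rounds=3):
    """Normalize nested percent-encoding (bounded) before pattern matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def op_findings(url):
    """Return the reasons the 'op' parameter of a request URL looks like an inclusion attempt."""
    reasons = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name != "op":
            continue
        value = fully_decode(value)  # parse_qsl already decoded once
        if TRAVERSAL_RE.search(value) and "traversal" not in reasons:
            reasons.append("traversal")
        if "\x00" in value and "null-byte" not in reasons:
            reasons.append("null-byte")
    return reasons


def scan(lines):
    """Return (client address, reasons) for every log line with a suspicious 'op' value."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and (reasons := op_findings(match.group(1))):
            hits.append((line.split()[0], reasons))
    return hits
```

Calling scan(SAMPLE_LOG) reports the two requests from 192.0.2.77 and 192.0.2.78 and leaves the ordinary 'op=view' and 'op=list' requests alone.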

References:

Vendor URL: http://nodez.greentinted.com/
Security Tracker: 1015747
Secunia Advisory ID: 19165
Related OSVDB ID: 23775
Related OSVDB ID: 23776
Other Advisory URL: http://hamid.ir/security/nodez.txt
ISS X-Force ID: 25119
FrSIRT Advisory: ADV-2006-0899
CVE-2006-1162
Bugtraq ID: 17066