Advanced Poll /admin/admin_edit.php Traversal Arbitrary Local File Inclusion

2003-10-25T09:13:47
ID OSVDB:25186
Type osvdb
Reporter Frog Man (leseulfrog@hotmail.com)
Modified 2003-10-25T09:13:47

Description

Vulnerability Description

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_edit.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files containing arbitrary PHP code, which would then be executed with the privileges of the web server.
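The shape of this flaw (an include path assembled from request data) beside a hardened replacement, as an added illustration that is not Advanced Poll's own code: the variable names base_path and pollvars[lang] come from the advisory, while the directory layout, function names and the temporary demo directory are assumptions.

```php
<?php
// Illustrative only, not the Advanced Poll source. Shows the unsafe pattern
// the advisory describes and one way to close it.

// Unsafe pattern: request-controlled values become part of an include path,
// so "../../" sequences can pull in any file the web server can read.
function load_language_unsafe(array $request): void
{
    $base_path = $request['base_path'];          // attacker controlled
    $lang      = $request['pollvars']['lang'];   // attacker controlled
    include $base_path . '/lang/' . $lang . '.php';
}

// Hardened pattern: the base directory is fixed by the caller, the language
// value must match a strict allowlist, and the resolved path is checked to
// still lie inside the language directory before anything is included.
function load_language_safe(string $lang_dir, string $lang): bool
{
    // Accept only short alphanumeric (plus '-' and '_') language codes.
    if (!preg_match('/^[A-Za-z0-9_-]{1,16}$/', $lang)) {
        return false;
    }
    $root = realpath($lang_dir);
    $file = realpath($lang_dir . '/' . $lang . '.php');
    // realpath() returns false for missing files and collapses any "..", so a
    // value that escapes the directory fails the prefix check below.
    if ($root === false || $file === false) {
        return false;
    }
    if (strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return false;
    }
    include $file;
    return true;
}

// Demonstration with a constructed temporary language directory (assumed path).
$dir = sys_get_temp_dir() . '/poll_lang_demo';
@mkdir($dir);
file_put_contents($dir . '/en.php', "<?php \$POLL_LANG = 'en';\n");

var_dump(load_language_safe($dir, 'en'));                // a valid code with an existing file
var_dump(load_language_safe($dir, '../../etc/passwd'));  // the traversal input from the advisory
var_dump(load_language_safe($dir, 'fr'));                // a valid code whose file is absent
```

The same containment check (resolve with realpath, then compare against the fixed root) applies to base_path if that value must remain configurable; hard-coding it is the simpler fix.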

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.proxy2.de/scripts.php
Secunia Advisory ID: 10068
Related OSVDB IDs: 2743, 3291, 3292, 25174, 25176, 25187, 25173, 25178, 25179, 25182, 25183, 25184, 25175, 25177, 25180, 25185, 25181
Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/php.advanced.poll.txt
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html
Other Advisory URL: http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
Nessus Plugin ID: 11487
ISS X-Force ID: 13514
CVE: CVE-2003-1180
Bugtraq ID: 8890