boastMachine vote.php bmc_dir Variable Remote File Inclusion

2006-06-13T16:31:54
ID OSVDB:27674
Type osvdb
Reporter SpC-x (spc-x@bsdmail.org)
Modified 2006-06-13T16:31:54

Description

Vulnerability Description

boastMachine was reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue was said to be a remote file inclusion caused by the vote.php script not sanitizing user input supplied in the 'bmc_dir' variable. However, subsequent evaluation indicates that the variable is assigned a static value in the config.php script before it is used, so a request parameter of the same name cannot influence the include path and the variable cannot be manipulated by an attacker.
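The following PHP snippet is an added illustration, not boastMachine's own code, of why the reported inclusion depends on $bmc_dir being attacker-controlled and why a static assignment in config.php defeats it. The request value, file paths and function names are assumptions made for the demo; the only fact taken from the entry is that config.php assigns bmc_dir a fixed value.

```php
<?php
// Added illustration (not boastMachine's code): contrast the pattern the
// report assumed with the pattern the re-evaluation found. Paths, names and
// the request below are assumptions for the demo.

// Constructed request, modelled on the PoC URL in the original report.
$request = ['bmc_dir' => 'http://attacker.example/'];

// Pattern the report assumed (hypothetical, vulnerable): the script never
// assigns $bmc_dir itself. With register_globals=On (removed in PHP 5.4) a
// request parameter of that name would populate the variable, so the
// include target becomes a remote URL.
function include_target_if_unset(array $request): string {
    $bmc_dir = $request['bmc_dir'] ?? '.';      // register_globals semantics, simulated
    return $bmc_dir . '/include/functions.php'; // value that would reach include()
}

// Pattern the re-evaluation describes: config.php assigns $bmc_dir a fixed
// value before any include uses it. Even if register_globals had populated
// the variable from the request, the assignment overwrites it.
function include_target_static(array $request): string {
    $bmc_dir = $request['bmc_dir'] ?? '.';      // what register_globals would set first...
    $bmc_dir = '/var/www/boastMachine';         // ...overwritten by config.php (assumed path)
    return $bmc_dir . '/include/functions.php'; // local path, request value discarded
}

echo "assumed-vulnerable pattern: " . include_target_if_unset($request) . "\n";
echo "static assignment (actual):  " . include_target_static($request) . "\n";
```

Run with `php demo.php`: the first line shows the attacker's URL being prepended to the include path, the second shows the fixed directory regardless of the request. When triaging an RFI report of this shape, the check is exactly this: find where the variable is assigned relative to where it is used in an include, and whether that assignment can be skipped or reached with an attacker-supplied value.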

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

boastMachine vote.php was reported to allow remote file inclusion via the 'bmc_dir' variable. Re-evaluation shows the variable is set to a static value in config.php and cannot be manipulated by an attacker; the report is incorrect.

Manual Testing Notes

PoC URL from the original report, which the re-evaluation found does not work because bmc_dir is assigned statically:

http://[target]/boastMachine/vote.php?bmc_dir=Command-Shell

References:

Vendor URL: http://boastology.com/
Other Advisory URL: http://www.security.nnov.ru/Ndocument122.html
Other Advisory URL: http://www.root-security.org/danger/boastMachine.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html
Mail List Post: http://attrition.org/pipermail/vim/2006-June/000855.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0388.html
Bugtraq ID: 18415