phpPrintAnalyzer index.php rep_par_rapport_racine Variable Remote File Inclusion

2006-08-07T04:58:21
ID: OSVDB:29133
Type: osvdb
Reporter: Sh3ll (sh3ll@sh3ll.ir)
Modified: 2006-08-07T04:58:21

Description

Vulnerability Description

phpPrintAnalyzer has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the index.php script not properly sanitizing user input supplied to the 'rep_par_rapport_racine' variable. However, subsequent examination indicates that the variable cannot be controlled by an attacker.

Solution Description

The reported vulnerability is incorrect. No solution is required.

Manual Testing Notes

http://[target]/[phpPrintAnalyzer]/index.php?rep_par_rapport_racine=[Evil Script]

References:

Vendor URL: http://tpequet.free.fr/phpPrintAnalyzer
Security Tracker: 1016652
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0305.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0141.html
CVE-2006-4061
Bugtraq ID: 19397