Adobe PHP SDK CachedGateway.php AMFPHP_BASE Variable Remote File Inclusion

2006-10-24T03:15:44
ID OSVDB:31166
Type osvdb
Reporter OSVDB
Modified 2006-10-24T03:15:44

Description

Vulnerability Description

Adobe PHP SDK has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the CachedGateway.php script not properly sanitizing user input supplied to the 'AMFPHP_BASE' variable. However, this variable is a constant that is set before an attacker can supply input to it.

Solution Description

The vulnerability reported is incorrect. No solution required.

Manual Testing Notes

http://[target]/adobe_php_sdk_path/libraries/amfphp/amf-core/custom/CachedGateway.php?AMFPHP_BASE=sh3ll?_

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0409.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0412.html
ISS X-Force ID: 29776
CVE-2006-5549