SCRIPT BANNIERES bannieres.php chemin Variable Remote File Inclusion

2006-10-27T01:02:32
ID OSVDB:31207
Type osvdb
Reporter OSVDB
Modified 2006-10-27T01:02:32

Description

Vulnerability Description

SCRIPT BANNIERES has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the bannieres.php script not properly sanitizing user input supplied to the 'chemin' variable. However, subsequent examination indicates that an attacker cannot manipulate input to this variable.

Solution Description

The vulnerability reported is incorrect. No solution required.

Manual Testing Notes

http://[target]/[Ban_Path]/modules/bannieres/bannieres.php?chemin=Sh3ll.txt?

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0457.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0466.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0453.html
Mail List Post: http://attrition.org/pipermail/vim/2006-November/001124.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0020.html
CVE-2006-5906