Advanced Poll booth.php include_path Variable Remote File Inclusion

2003-10-25T09:13:47
ID OSVDB:3291
Type osvdb
Reporter Frog Man (leseulfrog@hotmail.com)
Modified 2003-10-25T09:13:47

Description

Vulnerability Description

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to booth.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.proxy2.de/scripts.php
Secunia Advisory ID: 10068
Related OSVDB ID: 3292
Related OSVDB ID: 2743
Related OSVDB ID: 25169
Related OSVDB ID: 25170
Related OSVDB ID: 25173
Related OSVDB ID: 25171
Related OSVDB ID: 25172
Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/php.advanced.poll.txt
Other Advisory URL: http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html
Nessus Plugin ID: 11487
ISS X-Force ID: 13514
CVE-2003-1179
Bugtraq ID: 8890