PHP mlog.html Read Arbitrary File

1997-10-19T00:00:00
ID OSVDB:3397
Type osvdb
Reporter OSVDB
Modified 1997-10-19T00:00:00

Description

Vulnerability Description

PHP/FI contains a flaw that allows a remote attacker to view arbitrary files. The issue is due to the "mlog.html" sample script not sanitizing input passed to the "screen" variable. By supplying a fully qualified path and filename, the script will return the contents of the file.

Solution Description

Upgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP/FI contains a flaw that allows a remote attacker to view arbitrary files. The issue is due to the "mlog.html" sample script not sanitizing input passed to the "screen" variable. By supplying a fully qualified path and filename, the script will return the contents of the file.

Manual Testing Notes

/php/mlog.html?screen=/etc/passwd
/mlog.html?screen=/etc/passwd
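Because the sample script accepts any value for "screen", the requests above leave a recognizable trace in the web server's access log. The following detection routine is an added example, not part of the OSVDB record: it parses Common Log Format lines and flags mlog.html requests whose "screen" value is an absolute path or contains directory traversal. The log lines are constructed for illustration.

```python
"""Flag abuse of the PHP/FI mlog.html "screen" parameter in access logs."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request portion of a Common Log Format line: "GET /path?query HTTP/1.0"
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def unsafe_screen_values(target: str) -> list[str]:
    """Return every 'screen' value in the request target that names a file
    outside the script's intended screen set: an absolute path or a path
    containing '..' components. Non-mlog.html targets yield nothing."""
    parts = urlsplit(target)
    if not parts.path.endswith("mlog.html"):
        return []
    flagged = []
    for value in parse_qs(parts.query, keep_blank_values=True).get("screen", []):
        # parse_qs already decoded one layer; a second unquote catches
        # double-encoded values such as %252e%252e
        decoded = unquote(value)
        components = re.split(r"[/\\]", decoded)
        if decoded.startswith("/") or ".." in components:
            flagged.append(decoded)
    return flagged


def scan_access_log(lines) -> list[tuple[str, str]]:
    """Return (client_ip, screen_value) for each suspicious mlog.html request."""
    hits = []
    for line in lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        for value in unsafe_screen_values(match.group("target")):
            hits.append((client_ip, value))
    return hits


# Constructed sample lines (not from the advisory): one benign screen name,
# two file-read attempts (plain and percent-encoded), one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Oct/1997:10:00:01 +0000] "GET /php/mlog.html?screen=today HTTP/1.0" 200 512',
    '10.0.0.9 - - [19/Oct/1997:10:00:02 +0000] "GET /php/mlog.html?screen=/etc/passwd HTTP/1.0" 200 1834',
    '10.0.0.9 - - [19/Oct/1997:10:00:03 +0000] "GET /mlog.html?screen=..%2F..%2Fetc%2Fpasswd HTTP/1.0" 200 1834',
    '10.0.0.7 - - [19/Oct/1997:10:00:04 +0000] "GET /index.html HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG):
        print(f"{ip} requested screen={value!r}")
```

The same check expresses the input validation the script lacked: a fixed script would accept only a known screen name, never a path.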

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_4/0097.html
ISS X-Force ID: 1505
CVE-1999-0346
Bugtraq ID: 713