php-proxima Remote File Access Vulnerability

2003-05-15T00:00:00
ID SECURITYVULNS:DOC:4530
Type securityvulns
Reporter Securityvulns
Modified 2003-05-15T00:00:00

Description

php-proxima Remote File Access Vulnerability


Vendor Information:

Homepage : http://www.php-proxima.com Vendor : informed Mailed advisory: 14/05/03 Vender Response : None


Affected Versions:

php-proxima 6.0 and prior


Vulnerability:

php-proxima is a website portal system made in php. php-proxima is actually a different version of php-nuke, very similar although it has some changes.

One of the changes is that php-proxima contains a file called autohtml.php. By sending a specific request as shown bellow an attacker may be able to include local files and therefore read them.

The problem appears here:


..

witch($op) {

case "modload":
    if (!isset($mainfile)) { include("mainfile.php"); }
    $index = 0;
    include("header.php");
    OpenTable();
                            include("autohtml/$name");

..


Since the case has been coded so poorly in terms of security, a user can avoid including mainfile.php and inject anything into $name.

Example:

http://victim/autohtml.php?op=modload&mainfile=x&name=<local filename>


Solution:

You can fix this problem by replacing include("autohtml/$name"); with // include("autohtml/$name");

Please check the vendor's website for new patches.


Contact:

Name: Mindwarper Email: mindwarper@linuxmail.org Website: http://mindlock.bestweb.net

--


http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze