OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
php-proxima Remote File Access Vulnerability

From: Mind Warper (mindwarperlinuxmail.org)
Date: Wed May 14 2003 - 12:43:40 CDT


php-proxima Remote File Access Vulnerability

----------------------
Vendor Information:
----------------------

Homepage : http://www.php-proxima.com
Vendor : informed
Mailed advisory: 14/05/03
Vender Response : None

----------------------
Affected Versions:
----------------------

php-proxima 6.0 and prior

----------------------
Vulnerability:
----------------------

php-proxima is a website portal system made in php. php-proxima is actually
a different version of php-nuke, very similar although it has some changes.

One of the changes is that php-proxima contains a file called autohtml.php.
By sending a specific request as shown bellow an attacker may be able to
include local files and therefore read them.

The problem appears here:

***************************
..

witch($op) {

    case "modload":
        if (!isset($mainfile)) { include("mainfile.php"); }
        $index = 0;
        include("header.php");
        OpenTable();
                                   include("autohtml/$name");

..
***************************

Since the case has been coded so poorly in terms of security, a user
can avoid including mainfile.php and inject anything into $name.

Example:

http://victim/autohtml.php?op=modload&mainfile=x&name=<local filename>

----------------------
Solution:
----------------------

You can fix this problem by replacing
include("autohtml/$name");
with
// include("autohtml/$name");

Please check the vendor's website for new patches.

----------------------
Contact:
----------------------

Name: Mindwarper
Email: mindwarperlinuxmail.org
Website: http://mindlock.bestweb.net

--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze