PHPMyVisites Set_Lang File Include Vulnerability

Bugtraq ID:	13370
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 26 2005 12:00AM
Updated:	Apr 26 2005 12:00AM
Credit:	Discovery is credited to Max Cerny.
Vulnerable:	phpMyVisites phpMyVisites 1.3
Not Vulnerable:

PHPMyVisites Set_Lang File Include Vulnerability

phpMyVisites allows attackers to include arbitrary files. While it has been demonstrated that local files may be included through this vulnerability, there is an unconfirmed possibility of remote file inclusion.

Exploitation could disclose local files, or in the case of remote file inclusion, let the attacker execute malicious PHP code.

The issue is known to affect phpMyVisites 1.3. Other versions may also be affected.

PHPMyVisites Set_Lang File Include Vulnerability

The following example was provided to demonstrate how to include a local file:

<form action="http://[pathtoyourphpMyVisites]/login.php" method="POST">
Local file: <input type="text" name="mylang" value="" />
<input type="submit" value="Alexx says RELAX!">
</form>

PHPMyVisites Set_Lang File Include Vulnerability

Solution:
The vendor has addressed this version in the CVS development version. An official release containing fixes is pending.


phpMyVisites phpMyVisites 1.3

• phpMyVisites phpmyvisites-cvsroot.tar.bz2
  http://cvs.sourceforge.net/cvstarballs/phpmyvisites-cvsroot.tar.bz2

PHPMyVisites Set_Lang File Include Vulnerability

References:

• phpMyVisites Homepage (phpMyVisites)
  
• [exploits] phpMyVisites 1.3 local file retrieval (Max Cerny )