Gnopaste Common.PHP Remote File Include Vulnerability
BID:18180
CVE-2006-2834 |Info
Gnopaste Common.PHP Remote File Include Vulnerability
| Bugtraq ID: | 18180 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 31 2006 12:00AM |
| Updated: | Jan 29 2007 11:30PM |
| Credit: | Discovery is credited to [email protected]. |
| Vulnerable: |
gnopaste gnopaste 0.5.3 gnopaste gnopaste 0.5.2 |
| Not Vulnerable: |
gnopaste gnopaste 0.5.4 |
Discussion
Gnopaste Common.PHP Remote File Include Vulnerability
The gnopaste tool is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application.
This could result in the execution of arbitrary PHP code in the context of the webserver hosting the application.
The gnopaste tool is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application.
This could result in the execution of arbitrary PHP code in the context of the webserver hosting the application.
Exploit / POC
Gnopaste Common.PHP Remote File Include Vulnerability
This issue can be exploited through the a web client.
The following URI is available:
This issue can be exploited through the a web client.
The following URI is available:
Solution / Fix
Gnopaste Common.PHP Remote File Include Vulnerability
Solution:
The vendor has released version 0.5.4 to address this issue.mailto:[email protected]
gnopaste gnopaste 0.5.2
gnopaste gnopaste 0.5.3
Solution:
The vendor has released version 0.5.4 to address this issue.mailto:[email protected]
gnopaste gnopaste 0.5.2
-
gnopaste gnopaste-0.5.4.tgz
http://downloads.sourceforge.net/gnopaste/gnopaste-0.5.4.tgz
gnopaste gnopaste 0.5.3
-
gnopaste gnopaste-0.5.4.tgz
http://downloads.sourceforge.net/gnopaste/gnopaste-0.5.4.tgz
References
Gnopaste Common.PHP Remote File Include Vulnerability
References:
References: