Serendipity Lang.Inc.PHP Local File Include Vulnerability

Bugtraq ID:	21367
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 30 2006 12:00AM
Updated:	Jan 02 2007 07:26PM
Credit:	Kacper is credited with the discovery of this vulnerability.
Vulnerable:	S9Y Serendipity 1.0.3 S9Y Serendipity 0.9.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.1 S9Y Serendipity 0.8 -beta6 Snapshot S9Y Serendipity 0.8 -beta6 S9Y Serendipity 0.8 -beta5 S9Y Serendipity 0.8 S9Y Serendipity 0.7.1 S9Y Serendipity 0.7 beta3 S9Y Serendipity 0.7 beta1 S9Y Serendipity 0.7 -rc1 S9Y Serendipity 0.7 -beta4 S9Y Serendipity 0.7 -beta2 S9Y Serendipity 0.7 S9Y Serendipity 0.6 -rc2 S9Y Serendipity 0.6 -rc1 S9Y Serendipity 0.6 -pl3 S9Y Serendipity 0.6 -pl2 S9Y Serendipity 0.6 -pl1 S9Y Serendipity 0.6 S9Y Serendipity 0.5 -pl1 S9Y Serendipity 0.5 S9Y Serendipity 0.4 S9Y Serendipity 0.3 S9Y Serendipity 1.0.beta 3 S9Y Serendipity 1.0.beta 2
Not Vulnerable:	S9Y Serendipity 1.0.4

Serendipity Lang.Inc.PHP Local File Include Vulnerability

Serendipity is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker may inject malicious code into webserver log files and execute it in the context of the user running the webserver process.

Serendipity 1.0.3 and prior versions are vulnerable to this issue; other versions may also be affected.

Serendipity Lang.Inc.PHP Local File Include Vulnerability

Attackers can exploit this issue via a web client.

A sample exploit has been provided:

• /data/vulnerabilities/exploits/21367.php

Serendipity Lang.Inc.PHP Local File Include Vulnerability

Solution:
The vendor has released version 1.0.4 to address this issue; please see the reference section for details.


S9Y Serendipity 1.0.beta 2

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 1.0.beta 3

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.3

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.4

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.5

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.5 -pl1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6 -rc1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6 -pl3

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6 -rc2

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6 -pl2

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.6 -pl1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7 -rc1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7 beta1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7 beta3

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7 -beta4

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7 -beta2

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.7.1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8 -beta6

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8 -beta5

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8 -beta6 Snapshot

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8.1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.8.2

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 0.9.1

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

S9Y Serendipity 1.0.3

• S9Y serendipity-1.0.4a.tar.gz
  http://prdownloads.sourceforge.net/php-blog/serendipity-1.0.4a.tar.gz

Serendipity Lang.Inc.PHP Local File Include Vulnerability

References:

• Serendipity 1.0.4 released! (Serendipity)
  
• Serendipity Web Log Web Site (S9Y)