BID:23611

LMS RTMessageAdd.PHP Remote File Include Vulnerability

Info

LMS RTMessageAdd.PHP Remote File Include Vulnerability

Bugtraq ID:	23611
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 23 2007 12:00AM
Updated:	Apr 24 2007 02:30AM
Credit:	InyeXion is credited with the discovery of this vulnerability.
Vulnerable:	LMS LAN Management System 1.5.4 LMS LAN Management System 1.5.3

Not Vulnerable:	LMS LAN Management System 1.5.5

Discussion

LMS RTMessageAdd.PHP Remote File Include Vulnerability

LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

This issue affects LMS 1.5.3 and 1.5.4; earlier versions may also be vulnerable.

Exploit / POC

LMS RTMessageAdd.PHP Remote File Include Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/modules/rtmessageadd.php?_LIB_DIR=Shell?

Solution / Fix

LMS RTMessageAdd.PHP Remote File Include Vulnerability

Solution:
This issue has been resolved in LMS 1.5.5 and later versions.

LMS LAN Management System 1.5.3

LMS lms-1.8.0+libs.tar.gz
http://www.lms.org.pl/download/1.8/lms-1.8.0+libs.tar.gz

LMS LAN Management System 1.5.4

LMS lms-1.8.0+libs.tar.gz
http://www.lms.org.pl/download/1.8/lms-1.8.0+libs.tar.gz

References

LMS RTMessageAdd.PHP Remote File Include Vulnerability

References:

LMS Homepage (LMS)
lms 1.5.3 Remote File Inclusion (InyeXion)