Open Web Analytics Local and Remote File Include Vulnerabilities
BID:39825
Info
| Bugtraq ID: | 39825 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2010 12:00AM |
| Updated: | Mar 19 2015 09:22AM |
| Credit: | ItSecTeam |
| Vulnerable: | Open Web Analytic Open Web Analytic 1.2.3 |
| Not Vulnerable: | |
Discussion
Open Web Analytics is prone to multiple local file-include vulnerabilities and a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.
Open Web Analytics 1.2.3 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/path/mw_plugin.php?IP=shell.txt?
http://www.example.com/path/index.php?owa_action=[lfi]%00
http://www.example.com/path/index.php?owa_do=[lfi]%00
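A log check for the request patterns listed above, added here as an example for defenders; it is not part of the original advisory or of Open Web Analytics. The sample log lines are constructed, and the heuristics (null byte or path characters in owa_action/owa_do, any client-supplied IP parameter on mw_plugin.php) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter and script names come from the advisory's example URIs.
LFI_PARAMS = {"owa_action", "owa_do"}
RFI_SCRIPT, RFI_PARAM = "mw_plugin.php", "IP"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [27/Mar/2010:10:00:01 +0000] "GET /path/index.php?owa_do=some.action HTTP/1.1" 200 512
203.0.113.9 - - [27/Mar/2010:10:00:07 +0000] "GET /path/index.php?owa_action=../../some/file%00 HTTP/1.1" 200 1290
203.0.113.9 - - [27/Mar/2010:10:00:09 +0000] "GET /path/index.php?owa_do=..%2F..%2Fconf%00 HTTP/1.1" 200 77
203.0.113.9 - - [27/Mar/2010:10:00:12 +0000] "GET /path/mw_plugin.php?IP=shell.txt? HTTP/1.1" 200 40
"""

def classify(target):
    """Return the reasons a request target matches the advisory's patterns."""
    parts = urlsplit(target)
    reasons = []
    # parse_qsl percent-decodes values, so %00 becomes "\x00" and %2F becomes "/".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in LFI_PARAMS:
            if "\x00" in value:
                reasons.append(f"{name}: null byte")
            if ".." in value or "/" in value or "\\" in value:
                reasons.append(f"{name}: path characters")
        elif name == RFI_PARAM and parts.path.endswith("/" + RFI_SCRIPT):
            # Assumption: clients have no reason to set this parameter.
            reasons.append(f"{name}: set by client")
    return reasons

def scan(log_text):
    """Return (line number, reasons) for every flagged log line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        reasons = classify(match.group(1)) if match else []
        if reasons:
            hits.append((lineno, reasons))
    return hits

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(lineno, "; ".join(reasons))
```

Parameters sent in POST bodies do not appear in access logs, so this check covers query strings only.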
Solution / Fix
Solution:
This issue may be fixed in Open Web Analytics 1.2.4. Please see the references for details.
References
References:
- Open Web Analytics 1.2.3 multi file include ( ITSecTeam )
- OWA 1.2.4 is available - security update (Open Web Analytics)