BID:51090

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

Info

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

Bugtraq ID:	51090
Class:	Input Validation Error
CVE:	CVE-2011-4614
Remote:	Yes
Local:	No
Published:	Dec 16 2011 12:00AM
Updated:	Feb 21 2012 09:20PM
Credit:	Björn Pedersen and Christian Toffolo
Vulnerable:	Typo3 Typo3 4.6.1 Typo3 Typo3 4.6 Typo3 Typo3 4.5.8 Typo3 Typo3 4.5.7 Typo3 Typo3 4.5.5 Typo3 Typo3 4.5.6 Typo3 Typo3 4.5.4 Typo3 Typo3 4.5.3 Typo3 Typo3 4.5.2 Typo3 Typo3 4.5.1 Typo3 Typo3 4.5

Not Vulnerable:	Typo3 Typo3 4.6.2 Typo3 Typo3 4.5.9

Discussion

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

TYPO3 is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

Versions prior to TYPO3 4.6.2 are vulnerable.

Exploit / POC

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

References

TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability

References:

TYPO3 Homepage (TYPO3)
TYPO3 Security Bulletin TYPO3-CORE-SA-2011-004: Remote Code Execution in TYPO3 C (TYPO3)