Bitweaver 'rankings.php' Local File Include Vulnerability
BID:52176
Info
Bitweaver 'rankings.php' Local File Include Vulnerability
| Bugtraq ID: | 52176 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-5086 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | I2sec-PJH |
| Vulnerable: |
Bitweaver Bitweaver 2.8.1 |
| Not Vulnerable: | |
Discussion
Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Bitweaver 2.8.1 is vulnerable; other versions may also be affected.
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Bitweaver 2.8.1 is vulnerable; other versions may also be affected.
Exploit / POC
Bitweaver 'rankings.php' Local File Include Vulnerability
Attackers can exploit this issue through a browser.
The following example URI is available:
http://www.example.com/wiki/rankings.php?style=../../../../../../../../install.ini%00
Attackers can exploit this issue through a browser.
The following example URI is available:
http://www.example.com/wiki/rankings.php?style=../../../../../../../../install.ini%00
Solution / Fix
Bitweaver 'rankings.php' Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Bitweaver 'rankings.php' Local File Include Vulnerability
References:
References:
- Bitweaver Download Page (wjames5)