JCDex Lite Include File Bug Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID: 1014306
SecurityTracker URL: http://securitytracker.com/id?1014306
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 27 2005
Impact: Execution of arbitrary code via network, User access via network
Version(s): 2.0 (also 3.0)
Description: [A]nomaly [1]n [T]he [S]ystem reported a vulnerability in JCDex Lite. A remote user can execute arbitrary code on the target system.
The 'index.php' script includes a file relative to the user-supplied 'thispath' parameter. A remote user can create a URL with a specially crafted parameter value to cause the target system to include and execute arbitrary PHP code. The PHP code, including operating system commands, will run with the privileges of the target web service.
Impact: A remote user can execute arbitrary PHP code and operating system commands with the privileges of the target web service.
Solution: No solution was available at the time of this entry.
Vendor URL: www.ubbdesign.com/index.php
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: skdaemon porra <skdaemon@gmail.com>
Message History:
None.
Source Message Contents
Date: Fri, 24 Jun 2005 11:09:30 -0300
From: skdaemon porra <skdaemon@gmail.com>
Subject: new bug by A1TS
A remote file inclusion bug in JCdex Lite v. 2.0, the latest version:
bug code:
if (!$debug) {
    // $thispath and $tempstyle are taken from the request and used unchecked
    include ("$thispath/templates/$tempstyle/index.tmpl");
}
The $thispath variable could let remote attackers include a remote file
to execute arbitrary malicious code.
Found by [A]nomaly [1]n [T]he [S]ystem
#A1TS in irc.gigachat.net
we are:
V4mu | r3ckd4ll | S0l4r1s | paulinhu | CupiD^
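The include pattern quoted in the report, placed next to a hardened rewrite, as an added example that is not JCDex Lite's own code and not part of the original advisory. $debug, $thispath and $tempstyle are the names from the report; APP_ROOT, the style allow-list and the function names are assumptions made for the example.

```php
<?php
// Added example, not JCDex Lite's own code. APP_ROOT and $allowedStyles are
// assumptions standing in for the real install directory and shipped styles.
define('APP_ROOT', __DIR__);                 // assumed application directory
$allowedStyles = ['default', 'blue'];        // assumed list of template styles

// Vulnerable form from the report: both path components come straight from the
// request, so $thispath can point the include at a remote or arbitrary local file.
function includeTemplateVulnerable($debug, $thispath, $tempstyle)
{
    if (!$debug) {
        include("$thispath/templates/$tempstyle/index.tmpl");
    }
}

// Hardened form: the base path is never taken from the request, the style must
// match a fixed allow-list, and the resolved file must stay under APP_ROOT.
function resolveTemplate(string $tempstyle, array $allowedStyles): ?string
{
    if (!in_array($tempstyle, $allowedStyles, true)) {
        return null;                         // unknown style: refuse, do not guess
    }
    $path = realpath(APP_ROOT . '/templates/' . $tempstyle . '/index.tmpl');
    $prefix = APP_ROOT . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                         // missing file, or escaped the app root
    }
    return $path;
}

function includeTemplateHardened(bool $debug, string $tempstyle, array $allowedStyles): bool
{
    if ($debug) {
        return false;
    }
    $path = resolveTemplate($tempstyle, $allowedStyles);
    if ($path === null) {
        http_response_code(400);             // reject rather than fall back to a default
        return false;
    }
    include $path;
    return true;
}
```

Turning off allow_url_fopen in php.ini (and allow_url_include on later PHP releases) removes the remote-URL case, but a request-controlled base path can still include local files, so the path check above is still needed.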