Glossword Custom_Vars.PHP Remote File Include Vulnerability
TITLE: Glossword Custom_Vars.PHP Remote File Include Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 16 2007 12:00AM
UPDATE: May 28 2007 05:41PM
CREDIT: BeyazKurt is credited with the discovery of this vulnerability.
VULNERABLE:
Glossword Glossword 1.8.1
NOT VULNERABLE:
Go to the original page on Security Focus
Discussion
Glossword is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Glossword 1.8.1; other versions may also be vulnerable.
Exploit
Attackers can use a browser to exploit this issue.
The following proof-of-concept URI is available:
http://www.example.com/custom_vars.php?sys[path_addon]=EvilC0de
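The bug class behind the proof-of-concept above, as an added PHP illustration that is not Glossword's own code: the actual 1.8.1 logic is not reproduced on this page, so the vulnerable function is a hypothetical pattern consistent with the `sys[path_addon]` parameter, shown beside a hardened form (the addon names, directory and `addon` query parameter are assumed).

```php
<?php
// Added illustration, not Glossword's code. The real custom_vars.php logic is not on
// this page; this reproduces the advisory's bug class around the parameter it names.

// --- Vulnerable pattern (hypothetical) ---
// If $sys can be populated from the request (register_globals, extract($_GET), ...),
// the client controls the base directory that is concatenated into an include.
function load_addon_vulnerable(array $sys): void
{
    // sys[path_addon] may be a remote URL (with allow_url_include on) or a local path.
    include $sys['path_addon'] . '/custom_vars.inc.php';
}

// --- Hardened pattern ---
// 1. The base directory is fixed in code and never derived from request data.
// 2. Only an opaque addon name is accepted, checked against an allowlist.
// 3. The resolved path is verified to stay inside the addon directory.
const ADDON_BASE    = __DIR__ . '/addons';          // assumed layout
const ALLOWED_ADDONS = ['default', 'extra'];        // assumed addon names

function load_addon_safe(string $addon): bool
{
    if (!in_array($addon, ALLOWED_ADDONS, true)) {
        return false;                               // not on the allowlist
    }
    $base = realpath(ADDON_BASE);
    $path = realpath(ADDON_BASE . '/' . $addon . '/custom_vars.inc.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;                               // missing file or path escapes base
    }
    include $path;
    return true;
}

// Request handling: the client supplies a name, never a path.
$addon = isset($_GET['addon']) ? (string) $_GET['addon'] : 'default';
if (!load_addon_safe($addon)) {
    http_response_code(400);
}
```

Independently of the code fix, setting `allow_url_include=Off` (and `allow_url_fopen=Off` where the application does not need it) in php.ini removes the remote half of this bug class at the interpreter level.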
Solution
The vendor has committed fixes to its Subversion repository. Please see the references for more information.
Users of affected packages should contact the vendor for information on obtaining and applying fixes.
References
- Diff of /custom_vars.php (Glossword)
- Glossword Sourceforge Page (Glossword)