BNLug - PBLang Login PHP Local File Include Vulnerability

PBLang Login.PHP Local File Include Vulnerability

TITLE: PBLang Login.PHP Local File Include Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 06 2007 12:00AM
UPDATE: Jun 06 2007 12:00AM
CREDIT: Silentz is credited with the discovery of this vulnerability.
VULNERABLE:

PBLang PBLang 4.66 z
PBLang PBLang 4.66
PBLang PBLang 4.65
PBLang PBLang 4.63
PBLang PBLang 4.56 (4.5 RC 2)
PBLang PBLang 4.6
PBLang PBLang 4.0
PBLang PBLang 4.67.16.a

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

PBLang is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 4.67.16.a is vulnerable to this issue; prior versions may also be affected.

Exploit

Attackers can use a browser to exploit this issue.

The following exploit is available:

/data/vulnerabilities/exploits/24340.php

Solution

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

References

References:

PBLang Forum Homepage (PBLang)

PBLang Login.PHP Local File Include Vulnerability

Discussion

Exploit

Solution

References

PhpLog

BNLug Benevento Linux Users Group

Menu Principale

Staff

Partner

Link