Yet Another NOCC <= 0.1.0 Local File Inclusion Vulnerability

2009.02.12
Credit: Kacper
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Yet Another NOCC 0.1.0 <= Local File Inclusion Vulnerabilities YANOCC is a simple and fast webmail client which can handle POP3, SMTP, and IMAP servers. YANOCC is based on NOCC's code and is written with PHP4. It features multi-language support, MIME attachments, displays HTML messages, address book, folder support. Author: Kacper HomePage: http://devilteam.pl/ http://polskihacking.pl/ in file check_lang.php: if (!ISSET($lang)) { $ar_lang = explode(",", $HTTP_ACCEPT_LANGUAGE); while ($accept_lang = array_shift($ar_lang)) { $tmp = explode(";", $accept_lang); $tmp[0] = strtolower($tmp[0]); if (file_exists("lang/".$tmp[0].".php")) { $lang = $tmp[0]; break; } } if ($lang == "") $lang = $default_lang; } // Fix for faulty PHP install (RH7, see bug #24933) $lang = trim($lang); require ("lang/".$lang.".php"); Vuln example: check_lang.php?lang=../[localinclude]%00


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top