|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
YaPiG contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the add_comment.php script not properly sanitizing user input allowing a remote attacker to upload malicious files to the server with a '.php' extension. When the uploaded script is accessed it will be executed with the same privileges as the webserver.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 'add_comment.php', line 105:
Replace:
$comments_file= $gid_dir . $gid . "_" . $phid;
With:
$comments_file= $gid_dir . $gid . "_" . intval($phid);
'functions.php', lines 699-700:
Replace:
$linea=$linea . $data_array['mail'] . $SEPARATOR;
$linea=$linea . $data_array['web'] . $SEPARATOR;
With:
$linea=$linea . htmlspecialchars($data_array['mail']) . $SEPARATOR;
$linea=$linea . htmlspecialchars($data_array['web']) . $SEPARATOR;
|
|
Products |
|
YaPiG
 |
0.92b |
|
|
|
|
|
|
Credit |
- aCiDBiTS - acidbits
 hotmail.com -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
