|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
BLNews contains a flaw that may allow a malicious user to manipulate PHP in order to include a local or remote file. The issue exists because BLNews fails to properly initialize server side variables. It is possible that the flaw may allow an attacker to trick PHP subsystem into including remote PHP scripts controled by the attacker that could be used to execute arbitrary commands on the server, resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
A misconfiguration on the 'admin/objects.inc.php4' script may allow an attacker to submit the $Server[path] variable, so that the PHP subsystem will include and potentially execute remote PHP scripts.
------------admin/objects.inc.php4------------
if ($itheme!="blubb")
{ include("$Server[path]/admin/tools.inc.php4"); }
include("$Server[path]/admin/$Server[language_file]");
-----------------------------------------------------
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
At the top of 'objects.inc.php4' make sure you have:
include("server.inc.php4");
|
|
Products |
|
BLnews
 |
2.1.3 |
|
|
|
|
|
|
Credit |
- Over G - overg
 mail.ru -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
