|
Family: CGI abuses --> Category: infos
PHP-Nuke security vulnerability (bb_smilies.php) Vulnerability Scan
Vulnerability Scan Summary Determine if a remote host is vulnerable to the bb_smilies.php vulnerability
Detailed Explanation for this Vulnerability Test
The remote host seems to be vulnerable to a security problem in PHP-Nuke (bb_smilies.php).
The vulnerability is caused by inadequate processing of queries by PHP-Nuke's bb_smilies.php
which results in returning the content of any file we desire (the file needs to be world-readable).
A similar vulnerability in the same PHP program allows execution of arbitrary code by changing
the password of the administrator of bb_smilies.
Impact:
Every file that the webserver has access to can be read by anyone. It is
also possible to change bb_smilies' administrator password and even execute
arbitrary commands.
Solution:
Change the following lines in both bb_smilies.php and bbcode_ref.php:
if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'
else $themes = 'themes/$Default_Theme/theme.php'
To:
if ($userdata[9] != '') $themes = 'themes/$userdata[9]/theme.php'
else $themes = 'themes/$Default_Theme/theme.php'
if ( !(strstr(basename($themes),'theme.php')) || !(file_exists($themes)) ){
echo 'Invalid Theme'
exit
}
include ('$themes')
Or upgrade to the latest version (Version 4.4.1 and above).
Threat Level: Medium
Additional information:
http://www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html
Click HERE for more information and discussions on this network vulnerability scan.
|