
PHP-Fusion Forum Rank System Local File Inclusion Vulnerability

 

Release Date: 20/05/2008
Severity: Moderately Critical
SecWatch Advisory: SWID1021237
Cause: Input validation error
Solution Status: Unpatched
Impact: Disclosure of system information; Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: Forum Rank System 1.x (module for PHP-Fusion)
 
CVE: CVE-2008-2227
Secunia: SA30304
Bugtraq ID: BID#28855

 

Description:

An input validation vulnerability has been reported in the Forum Rank System module for PHP-Fusion. Remote users can exploit it to disclose sensitive information or potentially compromise a vulnerable system.

User-supplied input passed to the "settings[locale]" parameter in forum.php and profile.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

Note: Exploitation techniques, such as injecting PHP code into log files and then including those files in the manner above, can lead to the execution of arbitrary code. The code, including operating system commands, will run with the privileges of the target web service.

Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled.

 

Affected:

PHP-Fusion version 1.00. Other versions may also be affected.

 

Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.

Filter malicious characters and character sequences via an HTTP proxy or firewall with URL filtering capabilities.
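
One way to apply the manual source fix above, shown as an added example that is not code from Forum Rank System or PHP-Fusion: the locale value is reduced to a plain name and the resolved path must stay inside the locale directory before it is included. The helper name frs_locale_file() and the locale/<Name>.php layout are assumptions, and the inputs are constructed.

```php
<?php
// Added example: frs_locale_file() and the locale/<Name>.php layout are
// assumptions, not code from Forum Rank System or PHP-Fusion.
function frs_locale_file($requested, $dir, $default = 'English')
{
    $base = realpath($dir);
    if ($base === false) {
        throw new RuntimeException('locale directory not found');
    }
    // Accept only a plain name: no slashes, dots or NUL bytes, and no arrays
    // (a request parameter such as settings[locale][] arrives as an array).
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        $requested = $default;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    // realpath() resolves symlinks; the result must still sit inside $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        $path = realpath($prefix . $default . '.php');
    }
    if ($path === false) {
        throw new RuntimeException('default locale file not found');
    }
    return $path;
}

// Constructed demo: a throwaway locale directory with two language files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'frs_locale_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/English.php", "<?php \$locale = array('rank' => 'Rank');");
file_put_contents("$dir/German.php", "<?php \$locale = array('rank' => 'Rang');");

// Constructed inputs, as they could arrive in settings[locale].
$inputs = array('German', '../../outside', "German\0.txt", array('x'), 'Klingon');
foreach ($inputs as $in) {
    $file = frs_locale_file($in, $dir);
    printf("%-24s => %s\n", json_encode($in, JSON_UNESCAPED_SLASHES), basename($file));
}

// In the module, the include would then be:
//   include frs_locale_file($settings['locale'], dirname(__FILE__) . '/locale');
// with $settings loaded from the application's configuration, not from the request.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

The check only helps if $settings is initialised by the application before use; with "register_globals" enabled, an uninitialised $settings can otherwise be populated from the request.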

 

Credits:

Matrix86

 
