ISS X-Force Database: codegrrl-protection-file-include(23130): CodeGrrl protection.php file include

CodeGrrl protection.php file include

codegrrl-protection-file-include (23130)

Medium Risk

Description:

Multiple CodeGrrl scripts/products could allow a remote attacker to include malicious PHP files. If register_globals is enabled, a remote attacker could send a specially-crafted URL request to the protection.php script using the siteurl parameter to specify a malicious PHP file from a remote or local system, which would allow the attacker to execute arbitrary code on the vulnerable system.

Products and versions confirmed to be affected:
PHPCalendar
PHPClique
PHPCurrently
PHPFanBase
PHPQuotes

Platforms Affected:

CodeGrrl, PHPCalendar 1.0
CodeGrrl, PHPClique 1.0
CodeGrrl, PHPCurrently 2.0
CodeGrrl, PHPQuotes 1.0
Sasha, PHPFanBase 2.1

Remedy:

Refer to the Codegrrl.com Forums - Nov 16 2005 01:11 PM for patch information. See References.

As a work-around, set register_globals to "off".

Consequences:

Gain Access

References:

BugTraq Mailing List, Sun Nov 13 2005 - 05:51:17 CST, PHPCalendar (and some more codegrrl.com products) arbitrary code execution at http://archives.neohapsis.com/archives/bugtraq/2005-11/0151.html.
CODEGRRL.com, PHPClique at http://codegrrl.com/scripts/phpclique/.
CODEGRRL.com, PHPCurrently at http://codegrrl.com/scripts/phpcurrently/.
CODEGRRL.com, Codegrrl.com Forums - Nov 16 2005, 01:11 PM at http://codegrrl.com/forums/index.php?showtopic=11116.
CODEGRRL.com, PHPQuotes at http://codegrrl.com/scripts/phpquotes/.
CODEGRRL.com, PHPCalendar at http://codegrrl.com/scripts/phpcalendar/.
CODEGRRL.com, PHPFanBase at http://codegrrl.com/scripts/phpfanbase/.
BID-15417: Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
BID-21664: PHPFanBase Protection.PHP Remote File Include Vulnerability
CVE-2005-3571: PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
SA17542: CodeGrrl Products "siteurl" File Inclusion Vulnerability
SECTRACK ID: 1015206: PHPCalendar, PHPClique, PHPFanBase, PHPCurrently, and PHPQuotes Let Remote Users Execute Arbitrary Code
VUPEN/ADV-2005-2402: CodeGrrl Multiple Products siteurl Remote File Inclusion Vulnerability

Reported:

Nov 14, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page