CodeGrrl protection.php file include

codegrrl-protection-file-include (23130) The risk level is classified as MediumMedium Risk

Description:

Multiple CodeGrrl scripts/products could allow a remote attacker to include malicious PHP files. If register_globals is enabled, a remote attacker could send a specially-crafted URL request to the protection.php script using the siteurl parameter to specify a malicious PHP file from a remote or local system, which would allow the attacker to execute arbitrary code on the vulnerable system.

Products and versions confirmed to be affected:
PHPCalendar
PHPClique
PHPCurrently
PHPFanBase
PHPQuotes


Consequences:

Gain Access

Remedy:

Refer to the Codegrrl.com Forums - Nov 16 2005 01:11 PM for patch information. See References.

As a work-around, set register_globals to "off".

References:

  • BugTraq Mailing List, Sun Nov 13 2005 - 05:51:17 CST: PHPCalendar (and some more codegrrl.com products) arbitrary code execution.
  • CODEGRRL.com: PHPClique.
  • CODEGRRL.com: PHPCurrently.
  • CODEGRRL.com: Codegrrl.com Forums - Nov 16 2005, 01:11 PM.
  • CODEGRRL.com: PHPQuotes.
  • CODEGRRL.com: PHPCalendar.
  • CODEGRRL.com: PHPFanBase.
  • BID-15417: Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
  • BID-21664: PHPFanBase Protection.PHP Remote File Include Vulnerability
  • CVE-2005-3571: PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
  • SA17542: CodeGrrl Products "siteurl" File Inclusion Vulnerability
  • SECTRACK ID: 1015206: PHPCalendar, PHPClique, PHPFanBase, PHPCurrently, and PHPQuotes Let Remote Users Execute Arbitrary Code
  • VUPEN/ADV-2005-2402: CodeGrrl Multiple Products siteurl Remote File Inclusion Vulnerability

Platforms Affected:

  • CodeGrrl PHPCalendar 1.0
  • CodeGrrl PHPClique 1.0
  • CodeGrrl PHPCurrently 2.0
  • CodeGrrl PHPQuotes 1.0
  • Sasha PHPFanBase 2.1

Reported:

Nov 14, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page