
#3 local file inclusion vulnerability

open
nobody
None
5
2008-07-03
2008-07-03
Anonymous
No

If a user uploads a PHP file, it can be executed through this script (<= 1.3.1).

defs.php line 49: @include("langs/$_GET[l].php");

To fix this, add this code at line 44:

$lang_tbl=array('en','bg','de','nl','fr','it','ru'); // valid languages
if(isset($_GET['l'])&&in_array($_GET['l'],$lang_tbl))$lang_inc=$_GET['l'].".php";
else $lang_inc='en.php'; // default to en on error

And replace line 49 with:

@include("langs/$lang_inc");
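
A log check for sites still running unpatched copies, as an added example that is not part of the original ticket: it flags every request whose `l` parameter is not one of the language codes in the allowlist above. The combined access-log format, the `index.php` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Allowlist copied from the fix proposed in this ticket.
VALID_LANGS = {"en", "bg", "de", "nl", "fr", "it", "ru"}

# Assumption: Apache/nginx "combined" access-log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jul/2008:10:00:01 +0000] "GET /index.php?l=de HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [03/Jul/2008:10:02:17 +0000] "GET /index.php?l=..%2Fuploads%2Fnote HTTP/1.1" 200 312 "-" "curl/7.18"',
    '192.0.2.44 - - [03/Jul/2008:10:02:30 +0000] "GET /index.php?l[]=en HTTP/1.1" 200 5120 "-" "curl/7.18"',
    '192.0.2.10 - - [03/Jul/2008:10:05:00 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def suspicious_lang_requests(lines):
    """Return (ip, status, key, value) for each `l` parameter outside the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # $_GET is filled from the query string whatever the HTTP method is.
        _, _, query = m["target"].partition("?")
        # parse_qs percent-decodes once; keep_blank_values also inspects "l=".
        for key, values in parse_qs(query, keep_blank_values=True).items():
            # PHP turns "l[]=x" into an array, so treat it as the same parameter.
            if key != "l" and not key.startswith("l["):
                continue
            for value in values:
                # Anything not exactly on the allowlist is reported, so
                # double-encoded or padded values cannot slip through.
                if key != "l" or value not in VALID_LANGS:
                    hits.append((m["ip"], int(m["status"]), key, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_lang_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request does not by itself mean a file was included, because the `@` in front of `include` suppresses the warning when the file does not exist.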

Discussion

  • Nobody/Anonymous

    Logged In: NO

    Does release 1.3.2 address and correct this vulnerability?

     
  • Robert Blackwell

    Logged In: YES
    user_id=1084256
    Originator: NO

    This is an interesting find. Did a vulnerability exist and was it corrected in version 1.3.2?

     
  • Nobody/Anonymous

    Original poster here. Version 1.3.2 does not address this issue; the vulnerability still exists. I suggest you manually patch your copies until the developer bothers to read the bug reports.

     
