[VIM] Jetbox CMS file include - CVE dispute
Heinbockel, Bill
heinbockel at mitre.org
Tue Aug 29 14:07:16 EDT 2006
Since this has appeared on BUGTRAQ from two different researchers
over the span of the past couple of days:
Researcher: D3nGeR
BUGTRAQ:20060825 Jetbox CMS search_function.php Remote File
http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded
Researcher: CarcaBot
BUGTRAQ:20060828 JetBox cms (search_function.php) Remote File Include
http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded
Source code analysis of includes/phpdig/libs/search_function.php in
Jetbox CMS 2.1.SR1 shows the line(s) being referenced
> Line 423: <?php include
$relative_script_path.'/libs/htmlheader.php' ?>
> Line 426: <?php include $relative_script_path.'/libs/htmlmetas.php'
?>
However, these lines are included within the following function,
declared
at the top of the file: (Lines 18-21)
> function phpdigSearch($id_connect, $query_string,
$option='start', $refine=0,
> $refine_url='', $lim_start=0, $limite=10, $browse=0,
> $site=0, $path='', $relative_script_path = '.',
$template='',
> $template_links='')
This function is called from line 46 in search.php, with the
$relative_script_path
variable, which is statically declared on line 26:
> $relative_script_path='includes/phpdig';
We see no way to exploit this, so CVE is marking as DISPUTED.
William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
More information about the VIM
mailing list