[VIM] DISPUTE: PHP file inclusion in Ariadne 2.4.1
Heinbockel, Bill
heinbockel at mitre.org
Mon Nov 6 17:17:56 EST 2006
>-----Original Message-----
>From: Heinbockel, Bill
>Sent: Montag, 6. November 2006 17:02
>To: 'Vulnerability Information Managers'
>Subject: DISPUTE: PHP file inclusion in Ariadne 2.4.1
>
>Researcher: ajann
>BUGTRAQ:20061106 Ariadne <= 2.4.1 Multiple Remote File Include
>Vulnerabilities(New)
>http://www.securityfocus.com/archive/1/archive/1/450709/100/0/threaded
>XF:ariadne-storeconfig-file-include(30018)
>BID:20916
>
>*************************
>
>Examining Ariadne 2.4.1, the reported issues are not possible
>if the installation instructions are followed...
>
...
>
> if (!@include("../www/ariadne.inc")) {
> chdir(substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SE
> include("../www/ariadne.inc");
> }
> require($ariadne."/configs/ariadne.phtml");
> require($ariadne."/configs/ftp/$configfile");
> require($ariadne."/configs/store.phtml");
> require($ariadne."/includes/loader.ftp.php");
> require($ariadne."/configs/sessions.phtml");
> require($ariadne."/stores/".$store_config["dbms"]."store.phtml");
Just to clarify on the rest of the claims:
Additionally, the $configfile variable is defined previously in the
file
and $store_config["dbms"] is initialized in the configs/store.phtml
file
(and should not be publicly accessible if the installation instructions
are followed).
Some of the phtml files are installed by the user following the
instructions
while others are taken care of by running the install/install.php
script
(again, listed as a step in the installation instructions).
More information about the VIM
mailing list