[VIM] PHP-Fusion Local File Inclusion Vulnerability
George A. Theall
theall at tenable.com
Mon Aug 16 09:05:31 CDT 2010
Exploit DB 14647 / Bugtraq 42456 cover a supposed local file include
vulnerability in PHP-Fusion (possibly just an Arabic-language
version). An attacker reportedly calls the maincore.php file directly
and uses the 'folder_level' parameter to control which file is
included. That's the theory, at least. Here's the snippet of code
quoted by MoDaMeR in the advisory:
maincore.php
[php]
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
    $folder_level .= "../"; $i++;
    if ($i == 5) { die("Config file not found"); }
}
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
[/php]
'$folder_level' is hardcoded as one or more directory traversal
sequences. It doesn't look exploitable to me, at least as MoDaMeR
claims.
George
--
theall at tenablesecurity.com
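
Added example, not part of the original post and not PHP-Fusion code: a triage harness that runs the quoted loop under the worst-case assumption that request parameters are imported as variables first (emulated here with extract()), next to a hypothetical variant that lacks the reset. The function name, directory layout and request value are constructed for illustration, and die() is replaced by a return so both cases can run in one script.

```php
<?php
// Added example: only the loop body comes from the quoted maincore.php snippet.
// Assumption: request parameters become variables before the loop runs
// (register_globals-style behaviour, emulated with extract()).

function locate_basedir(array $request, bool $initialise): string
{
    extract($request);              // a supplied 'folder_level' becomes $folder_level
    if ($initialise) {
        $folder_level = "";         // the assignment present in the quoted code
    } elseif (!isset($folder_level)) {
        $folder_level = "";         // hypothetical variant: set only if nothing was supplied
    }
    $i = 0;
    while (!file_exists($folder_level . "config.php")) {
        $folder_level .= "../"; $i++;
        if ($i == 5) { return "Config file not found"; }  // die() in the original
    }
    return $folder_level;           // the prefix that would reach require_once
}

// Constructed layout: one config.php two levels up, another in a sibling directory.
$root = sys_get_temp_dir() . "/vim_demo_" . uniqid();
mkdir("$root/a/b", 0700, true);
mkdir("$root/other", 0700);
file_put_contents("$root/config.php", "<?php\n");
file_put_contents("$root/other/config.php", "<?php\n");
chdir("$root/a/b");

$request = ["folder_level" => "../../other/"];  // constructed request value

var_dump(locate_basedir($request, true));   // quoted code: reset before use
var_dump(locate_basedir($request, false));  // hypothetical variant without the reset
```

With the reset in place the returned prefix consists only of "../" sequences appended by the loop; the supplied value survives only in the hypothetical variant.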