[VIM] Jetbox CMS file include - CVE dispute

Heinbockel, Bill heinbockel at mitre.org
Tue Aug 29 14:07:16 EDT 2006

Since this has appeared on BUGTRAQ from two different researchers
over the span of the past couple of days:

Researcher: D3nGeR
BUGTRAQ:20060825 Jetbox CMS search_function.php Remote File

Researcher: CarcaBot
BUGTRAQ:20060828 JetBox cms (search_function.php) Remote File Include

Source code analysis of includes/phpdig/libs/search_function.php in 
Jetbox CMS 2.1.SR1 shows the line(s) being referenced
> Line 423:   <?php include
$relative_script_path.'/libs/htmlheader.php' ?>
> Line 426:   <?php include $relative_script_path.'/libs/htmlmetas.php'

However, these lines are included within the following function,
at the top of the file: (Lines 18-21)
>	function phpdigSearch($id_connect, $query_string,
$option='start', $refine=0,
>		$refine_url='', $lim_start=0, $limite=10, $browse=0,
>		$site=0, $path='', $relative_script_path = '.',
>		$template_links='')

This function is called from line 46 in search.php, with the
variable, which is statically declared on line 26:
>  $relative_script_path='includes/phpdig';

We see no way to exploit this, so CVE is marking as DISPUTED.

William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org

More information about the VIM mailing list