[VIM] Jetbox CMS file include - CVE dispute

Heinbockel, Bill heinbockel at mitre.org
Tue Aug 29 14:07:16 EDT 2006


Since this has appeared on BUGTRAQ from two different researchers
over the span of the past couple of days:

Researcher: D3nGeR
BUGTRAQ:20060825 Jetbox CMS search_function.php Remote File
http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded

Researcher: CarcaBot
BUGTRAQ:20060828 JetBox cms (search_function.php) Remote File Include
http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded

Source code analysis of includes/phpdig/libs/search_function.php in 
Jetbox CMS 2.1.SR1 shows the line(s) being referenced
> Line 423:   <?php include
$relative_script_path.'/libs/htmlheader.php' ?>
> Line 426:   <?php include $relative_script_path.'/libs/htmlmetas.php'
?>

However, these lines are included within the following function,
declared
at the top of the file: (Lines 18-21)
>	function phpdigSearch($id_connect, $query_string,
$option='start', $refine=0,
>		$refine_url='', $lim_start=0, $limite=10, $browse=0,
>		$site=0, $path='', $relative_script_path = '.',
$template='',
>		$template_links='')


This function is called from line 46 in search.php, with the
$relative_script_path
variable, which is statically declared on line 26:
>  $relative_script_path='includes/phpdig';

We see no way to exploit this, so CVE is marking as DISPUTED.


William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615


More information about the VIM mailing list