[VIM] Kietu 3.2 - Local file inclusion
Heinbockel, Bill
heinbockel at mitre.org
Tue Sep 26 13:14:02 EDT 2006
As posted on BUGTRAQ on 20060923 "Local File Inclusion : Kietu"
http://www.securityfocus.com/archive/1/archive/1/446930/100/0/threaded
BID:20175
XF:kietu-urlhit-file-include(29121)
The researcher states that there is a local file inclusion
vulnerability
(directory traversal) with the url_hit parameter in hit.php. The issue
is supposedly on line 2 of hit.php, which should read:
>> include_once $url_hit.'class/kdetect.class.php';
No version information was provided.
I downloaded the latest release, 3.2, from the vendor's website and
did not discover the previous line in use. However, in 3.2, the
url_hit parameter in hit.php is still vulnerable.
line 40:
>> if (isset($url_hit)&$url_hit!='') {$kietu['url_hit']=$url_hit;} else
{$kietu['url_hit']=$_GET['url_hit'];}
...
lines 59-66:
>> if (file_exists($kietu['url_hit'].'config.php'))
>> {
>> require ($kietu['url_hit'].'config.php');
>> }
>> if (file_exists($kietu['url_hit'].'define/moteur.php'))
>> {
>> require ($kietu['url_hit'].'define/moteur.php');
>> }
Since the require calls are enclosed in file_exists conditionals, files
can only be included locally (via traversal or absolute paths) or
remotely (via FTP, FTPS URIs).
William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
More information about the VIM
mailing list