[VIM] osTicket 1.6 - Local File Inclusion
George A. Theall
theall at tenable.com
Tue Nov 9 08:26:34 CST 2010
Bugtraq ID 44739 / Exploit DB 15471 cover a local file inclusion issue
reported by d3v11 and affecting the 'module.php' script in osTicket
1.6. The sample PoC SecurityFocus gives is:
http://www.example.com/module.php?module=osTicket&file=../../../../../../../../../../../../../../etc/passwd
Trouble is, there's no file named 'module.php' in the distribution
file of osTicket 1.6, either the one I just downloaded from the
project itself or the one attached to the EDB advisory itself.
To me this looks like it's a rehash of BID 19256. Or BID 39732, which
seems to be a dup of the older BID. For example, do a Google search
of 'osTicket "module.php" inurl:"view.php"' and look at the sites
turned up -- they say they're "Powered by Help Center Live".
Btw, the EDB advisory says the issue's been verified. What exactly
does that mean? Who's verified the vulnerability and how was it done?
George
--
theall at tenablesecurity.com