| VID |
210057 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Advanced Guestbook software is vulnerable to a local file include vulnerability via the 'lang' cookie. Advanced Guestbook is a guestbook program written in PHP. Advanced Guestbook version 2.4.2 and other versions are vulnerable to a local file include vulnerability, caused by improper validation of user-supplied input passed to the 'lang' cookie before using it as a language template. By sending a specially-crafted request to the index.php script containing "dot dot" sequences (/../) in the lang cookie parameter, a remote attacker could view arbitrary files on the system or execute arbitrary PHP local files with the privileges of the Web server.
* References:
http://www.netvigilance.com/advisory0013
http://archives.neohapsis.com/archives/bugtraq/2007-05/0094.html
http://www.frsirt.com/english/advisories/2007/1726
http://secunia.com/advisories/25153
* Platforms Affected:
proxy2, Advanced Guestbook 2.4.2
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of May 2007.
As a workaround, edit the source code to ensure that input is properly verified and sanitised. Or set "register_globals" in php.ini to Off. |
| Related URL |
CVE-2007-0609 (CVE) |
| Related URL |
23876 (SecurityFocus) |
| Related URL |
34152 (ISS) |
|
