WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion

Medium | Nessus Plugin ID 21311

Synopsis

The remote web server contains a PHP application that is affected by a local file include vulnerability.

Description

The remote host is running WEBalbum, a photo album application written in PHP.

The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/inc_main.php' before using it to include files. An unauthenticated attacker may be able to read arbitrary local files, or include a local file containing commands that are then executed on the remote host with the privileges of the web server process.

This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.
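
This class of flaw is closed by treating the cookie as a name to look up rather than as part of a path. The PHP below is an added example, not code from WEBalbum or from the Nessus plugin; `resolve_skin()`, the skins directory layout and the sample cookie values are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handler, not WEBalbum's actual code.
// Maps an untrusted 'skin2' cookie value to a file inside one skins directory.
function resolve_skin(string $cookieValue, string $skinDir, string $default): string
{
    $fallback = $skinDir . DIRECTORY_SEPARATOR . $default . '.php';

    // 1. Strict syntax: short names of letters, digits, '_' and '-' only.
    //    Rejects '/', '\', '.' and NUL bytes before the filesystem is touched.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $cookieValue)) {
        return $fallback;
    }

    // 2. Allowlist: the name must match a skin file that exists on disk.
    $known = array_map(
        fn($p) => basename($p, '.php'),
        glob($skinDir . DIRECTORY_SEPARATOR . '*.php') ?: []
    );
    if (!in_array($cookieValue, $known, true)) {
        return $fallback;
    }

    // 3. Defence in depth: the resolved path must still sit under the skins directory.
    $base = realpath($skinDir);
    $path = realpath($skinDir . DIRECTORY_SEPARATOR . $cookieValue . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $fallback;
    }
    return $path;
}

// Constructed demo: a temporary skins directory holding two skins.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/default.php", "<?php // default skin\n");
file_put_contents("$dir/dark.php", "<?php // dark skin\n");

// Constructed cookie values: one valid name, then three that must fall back.
// In an application the call would be: include resolve_skin($_COOKIE['skin2'] ?? '', ...);
foreach (['dark', '../../../../etc/passwd', "dark\0.jpg", 'unknown'] as $value) {
    $chosen = resolve_skin($value, $dir, 'default');
    printf("%-28s -> %s\n", json_encode($value), basename($chosen));
}
```

Because the check does not depend on 'magic_quotes_gpc', it holds regardless of how that setting is configured.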

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 21311

File Name: webalbum_local_file_include.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 5/3/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 3/25/2006

Reference Information

CVE: CVE-2006-1480

BID: 17228