Written by osm@n
Monday, 23 February 2009 21:02
PHP-Nuke Book Catalog Module 'upload.php' Arbitrary File Upload Vulnerability
Class: Input Validation Error
Published: Sep 07 2006 12:00AM
Updated: Feb 23 2009 04:17PM
osm@n is credited with the discovery of this vulnerability.
Vulnerable: SAP Basis Community Book Catalog Module 1.0
The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Book Catalog 1.0 is vulnerable; other versions may also be affected.
An attacker can exploit this issue via a browser.
The following proof of concept is available:
Upload c99 or r57 shell scripts
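Since the proof of concept amounts to dropping a PHP webshell through the module's upload.php, the first thing a defender wants to know is whether anything web-executable has landed in the upload location. The scanner below is an added example, not code from the advisory or from the Book Catalog module; the extension list, the temporary directory layout and the sample files are assumptions constructed for the demonstration.

```python
# Added defender-side example (not from the advisory): flag files in a
# PHP app's upload directory that a default mod_php setup could execute.
import os
import re
import tempfile

# Assumption: default mod_php handler mapping; adjust to the real host.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def suspicious_extension(name: str) -> bool:
    """True if any dotted segment after the first is PHP-executable,
    so double extensions such as 'cover.php.jpg' are caught too."""
    return any(p in EXECUTABLE_EXTS for p in name.lower().split(".")[1:])


def has_php_code(path: str, max_bytes: int = 4096) -> bool:
    """True if the first bytes of the file contain a PHP open tag."""
    with open(path, "rb") as fh:
        return PHP_OPEN_TAG.search(fh.read(max_bytes)) is not None


def scan_upload_dir(root: str) -> dict:
    """Return {relative path: reason} for files that look web-executable."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if suspicious_extension(name):
                findings[rel] = "executable extension"
            elif has_php_code(full):
                findings[rel] = "php code inside non-php file"
    return findings


def demo() -> dict:
    """Write constructed sample files to a temp dir and scan them."""
    root = tempfile.mkdtemp(prefix="bookcat_uploads_")
    samples = {  # constructed, not real uploads
        "cover.jpg": b"\xff\xd8\xff\xe0JFIF image bytes",
        "notes.txt": b"plain text, nothing to flag",
        "shell.php": b"<?php echo 'constructed sample'; ?>",
        "cover.php.jpg": b"\xff\xd8 <?php echo 'double extension'; ?>",
        "readme.gif": b"GIF89a<?= 'short tag hidden in an image' ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return scan_upload_dir(root)
```

Point `scan_upload_dir` at the module's real upload directory instead of the constructed one to use it on a live host; anything it reports there should not be served by the web server at all.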
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:
http://www.basisconsultant.com/index.ph (SAP Basis Community)