BandSite CMS and SmartSite CMS (PHP based) Root File Inclusion Vulnerability Discovered
By Angsuman Chakraborty, Gaea News Network
Wednesday, June 21, 2006
Archit3ct and IR4DEX GROUP have discovered a vulnerability in SmartSiteCMS, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the “root” parameter in include/inc_foot.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The vulnerability has been confirmed in version 1.0. Other versions may also be affected.
Kw3[R]Ln has reported some vulnerabilities in BandSite CMS, which can be exploited by malicious people to compromise a vulnerable system.
1) Input passed to the “root_path” parameter in includes/content/contact_content.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
2) Input passed to the “root_path” parameter in multiple files under the “adminpanel” directory is also not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Successful exploitation in both cases requires “register_globals” to be enabled.
The solution is to edit the source files to ensure that input is properly verified at all times. It would be much simpler to disable “register_globals”.
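As an added illustration (not code from BandSite CMS, SmartSite CMS or either advisory), the sketch below shows the general shape of this bug class as a comment and one way to verify include paths. The names `APP_ROOT` and `resolve_include`, the file names and the allowlist are assumptions made for the example.

```php
<?php
// Constructed example; APP_ROOT, resolve_include() and the file names are
// hypothetical and are not taken from the affected products.

// Vulnerable shape (comment only, so this file is safe to run):
//     include($root_path . 'includes/footer.php');
// The include file never assigns $root_path. With register_globals enabled,
// a direct request to that file lets a request parameter of the same name
// become the variable, so the requester decides what gets included.

// Fix 1: take the base directory from the filesystem. A constant cannot be
// created or overwritten by register_globals.
if (!defined('APP_ROOT')) {
    define('APP_ROOT', realpath(__DIR__) . DIRECTORY_SEPARATOR);
}

// Fix 2: include files refuse to run when requested directly. Each one
// would start with a guard like this (shown as a comment here because this
// file plays the role of the entry point):
//     if (!defined('APP_ROOT')) { header('HTTP/1.1 403 Forbidden'); exit; }

// Fix 3: any value that selects a file is checked against a fixed allowlist,
// and the resolved path must stay inside APP_ROOT.
function resolve_include($name, $base = APP_ROOT)
{
    $allowed = array('header', 'footer', 'contact_content'); // constructed list
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return false;
    }
    $path = realpath($base . 'includes' . DIRECTORY_SEPARATOR . $name . '.php');
    // realpath() returns false for missing files and for remote URLs.
    if ($path === false || strpos($path, $base) !== 0) {
        return false;
    }
    return $path;
}

// Usage in a page template: fail closed if the path is rejected.
$file = resolve_include('footer');
if ($file !== false) {
    include $file;
} else {
    error_log('include rejected: footer');
}
```

Setting `register_globals = Off` in php.ini removes the precondition both advisories name; the checks above keep the include paths safe even where that setting cannot be relied on.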
It is very painful to watch security vulnerabilities being discovered all the time in PHP-based software because the developers simply neglect to sanitize input. WordPress CMS is no exception.