Local File Inclusion
--------------------

Krzysztof K. Wasielewski reported that the layerstyle parameter in al.php was
not properly sanitized, causing a potential LFI vulnerability. Under normal
circumstances, an attacker would need to place a file named layerstyle.inc.php
in an arbitrary directory on the server and craft the layerstyle parameter
accordingly to load it. If an old version of PHP is being used on the server,
other attack techniques might be possible, e.g. NULL-byte truncation.

CWE: CWE-98
CVSSv2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
mbeccati committed Sep 26, 2015
1 parent 9de1099 commit 86b623f
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions www/delivery_dev/al.php
@@ -27,13 +27,13 @@
$layerstyle = 'geocities';
}

// Include layerstyle
if (file_exists(MAX_PATH . $conf['pluginPaths']['plugins'] . 'invocationTags/oxInvocationTags/layerstyles/' . $layerstyle . '/layerstyle.inc.php')) {
include MAX_PATH . $conf['pluginPaths']['plugins'] . 'invocationTags/oxInvocationTags/layerstyles/' . $layerstyle . '/layerstyle.inc.php';
} else {
$plugin = MAX_PATH.$conf['pluginPaths']['plugins'].'invocationTags/oxInvocationTags/layerstyles/'.$layerstyle.'/layerstyle.inc.php';

if (!preg_match('/^[a-z0-9-]{1,64}$/Di', $layerstyle) || !@include($plugin)) {
// Don't generate output when plugin layerstyleisn't available,just send javascript comment on fail
MAX_sendStatusCode(404);
echo '// Cannot load required layerstyle file. Check if openXInvocationTags plugin is installed';
exit(1);
exit;
}

//Register any script specific input variables
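Review bot: the `@` on `!@include($plugin)` hides more than a missing file. A layerstyle file that exists but fails to parse (or explicitly returns a falsy value) now takes the same branch as an absent one, so the client gets a 404 with "Check if openXInvocationTags plugin is installed" and the real error is suppressed. Consider testing existence separately and leaving include errors visible, e.g. `if (!preg_match('/^[a-z0-9-]{1,64}$/Di', $layerstyle) || !is_file($plugin)) { ... }` followed by a plain `include $plugin;`. The allowlist itself is sound (`D` stops a trailing newline from satisfying `$`, and the character class excludes `/`, `.` and NUL); it would read more clearly placed beside the `$layerstyle = 'geocities';` fallback where the value is taken from the request, so validation sits at the input rather than at the include site. Minor: the comment "layerstyleisn't available,just" is missing spaces.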

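The allowlist-then-include pattern the commit introduces, written out as a stand-alone PHP helper with a resolved-path containment check added as defence in depth. This is an added example, not code from the Revive Adserver commit or project; the function name `resolveLayerstyleInclude`, the temporary directory layout and the input list are constructed for illustration.

```php
<?php
// Added example (not part of the commit above): validate a request-supplied
// layerstyle name before it is turned into an include path.
// resolveLayerstyleInclude and the directory layout are assumptions for illustration.

declare(strict_types=1);

/**
 * Return the absolute path of the layerstyle include for $layerstyle, or null
 * when the name is not acceptable or no such file exists under $layerstylesDir.
 */
function resolveLayerstyleInclude(string $layerstylesDir, string $layerstyle): ?string
{
    // Allowlist from the commit: 1-64 characters of [a-z0-9-], case-insensitive.
    // The D modifier makes $ match only at the very end, so "name\n" is rejected,
    // and the class excludes '/', '.' and NUL, so traversal and truncation
    // payloads never reach the filesystem functions below.
    if (!preg_match('/^[a-z0-9-]{1,64}$/Di', $layerstyle)) {
        return null;
    }

    $base = realpath($layerstylesDir);
    if ($base === false) {
        return null;
    }

    $candidate = realpath($base . DIRECTORY_SEPARATOR . $layerstyle
        . DIRECTORY_SEPARATOR . 'layerstyle.inc.php');
    if ($candidate === false) {
        return null; // valid name, but no such layerstyle is installed
    }

    // Defence in depth: the resolved path must stay inside the layerstyles
    // directory; this also catches a symlink pointing elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed fixture: a temporary layerstyles directory with one style installed.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'layerstyles_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/geocities', 0700, true);
file_put_contents($tmp . '/geocities/layerstyle.inc.php', "<?php\necho \"layerstyle loaded\\n\";\n");

// Constructed inputs covering the accepted case and the rejected shapes.
$inputs = [
    'geocities',          // valid name, file exists
    'missing',            // valid name, nothing installed -> null
    '../../etc/passwd',   // traversal: rejected by the allowlist
    "geocities\0",        // NUL byte: rejected by the allowlist
    "geocities\n",        // trailing newline: rejected thanks to the D modifier
    str_repeat('a', 65),  // too long
];

foreach ($inputs as $input) {
    $resolved = resolveLayerstyleInclude($tmp, $input);
    printf("%-24s => %s\n", json_encode($input), $resolved ?? 'rejected / not found');
}

// Include only after validation and resolution succeeded.
$styleFile = resolveLayerstyleInclude($tmp, 'geocities');
if ($styleFile !== null) {
    include $styleFile;
}

// Remove the constructed fixture.
unlink($tmp . '/geocities/layerstyle.inc.php');
rmdir($tmp . '/geocities');
rmdir($tmp);
```

Run it with `php example.php`; only the `geocities` entry resolves to a path, every other input prints `rejected / not found`, and the include executes once. The regex alone is what the commit relies on; the `realpath` prefix check costs one extra syscall and guards the include site even if the allowlist is later loosened.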