<plugin_id>232</plugin_id>
<plugin_name>BBS E-Market Professional Arbitrary File Inclusion</plugin_name>
<plugin_family>CGI</plugin_family>
<plugin_created_date>2004/09/13</plugin_created_date>
<plugin_created_name>Nico 'Triplex' Spicher</plugin_created_name>
<plugin_created_email>Triplex@IT-Helpnet.de</plugin_created_email>
<plugin_created_web>http://triplex.it-helpnet.de/</plugin_created_web>
<plugin_created_company>http://www.it-helpnet.de/</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/14</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Made some slight modifications and enhancements in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send GET /becommunity/community/index.php?pageurl=http://www.php.net/downloads.php HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *PHP Function List*</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].</plugin_comment>
<bug_published_name>y3dips</bug_published_name>
<bug_published_email>y3dips@echo.or.id</bug_published_email>
<bug_published_web>http://y3dips.echo.or.id</bug_published_web>
<bug_published_date>2004/09/07</bug_published_date>
<bug_advisory>http://echo.or.id/adv/adv06-y3dips-2004.txt</bug_advisory>
<bug_affected>BBS E-Market Professional</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Cross Site Scripting</bug_vulnerability_class>
<bug_description>Input passed to the "pageurl" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.</bug_description>
<bug_solution>Edit the source to ensure that only trusted files from the local system are included.</bug_solution>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://secunia.com/advisories/12509</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>2</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>3</bug_risk>
<source_secunia_id>12509</source_secunia_id>
<source_literature>Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X</source_literature>
<source_misc>http://www.computec.ch</source_misc>