WEBInsta Mailing list manager 1.3e (cabsolute_path) RFI

vendor:

WEBInsta Mailing list manager

by:

Philipp Niedziela

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: WEBInsta Mailing list manager

Affected Version From: 1.3e

Affected Version To: 1.3e

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

WEBInsta Mailing list manager 1.3e (cabsolute_path) RFI

WEBInsta Mailing list manager 1.3e is vulnerable to Remote File Inclusion due to the lack of proper sanitization of the $cabsolute_path parameter. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This can lead to remote code execution.

Mitigation:

Delete the 'install' folder after installation.

Source

Exploit-DB raw data:

+--------------------------------------------------------------------
+
+ WEBInsta Mailing list manager 1.3e (cabsolute_path) RFI
+
+ Original advisory:
+ http://www.bb-pcsecurity.de/Websecurity/311/org/
+ WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm
+
+--------------------------------------------------------------------
+
+ Affected Software .: WEBInsta. Mailing list manager 1.3e
+ Venedor ...........: http://www.webinsta.com
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /istall/install3.php:
+
+ .....
+ if($database=="none")
+ {
+ include($cabsolute_path.'inc/adodbt/db.inc');
+ $conn = &ADONewConnection();
+ .....
+
+--------------------------------------------------------------------
+
+ $cabsolute_path is not properly sanitized before being used
+
+--------------------------------------------------------------------
+
+ Solution:
+ Delete folder "install" after installation!!
+
+--------------------------------------------------------------------
+
+ PoC:
+
+ http://[target]/install/install3.php?database=none&cabsolute_path=[script]
+
+--------------------------------------------------------------------
+
+ Greets: /str0ke
+
+-------------------------[ E O F ]----------------------------------

# milw0rm.com [2006-08-10]