Vendor: PHP MyWebMin
By: Kernel-32
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 94
Product Name: PHP MyWebMin
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:josh.ch:php_mywebmin
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PHP MyWebMin 1.0 Remote File Include

PHP MyWebMin 1.0 is vulnerable to remote file inclusion. The application fails to properly sanitize user-supplied input to the 'target' and 'action' parameters of the 'window.php' and 'home.php' scripts. An attacker can exploit this by supplying a malicious URL in those parameters, which can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
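
One way to apply that validation to the two parameters named above, as an added example rather than code from PHP MyWebMin or its author. The action names, the managed root directory and the fixed location of preferences.php are assumptions made for illustration.

```php
<?php
// Added example, not PHP MyWebMin code. ALLOWED_ACTIONS and BASE_DIR are
// hypothetical values chosen for illustration.
const ALLOWED_ACTIONS = ['edit', 'upload', 'rename']; // assumed action names
const BASE_DIR = '/var/www/mywebmin/files';           // assumed managed root

// Map 'action' to a local script only if it is on the fixed allowlist.
function resolve_action($action)
{
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        return null; // rejects URLs, path separators and unknown names
    }
    return __DIR__ . '/' . $action . '.php';
}

// Canonicalise 'target' and accept it only if it stays inside BASE_DIR.
function resolve_target($target)
{
    if (!is_string($target) || $target === '' || strpos($target, "\0") !== false) {
        return null;
    }
    $base = realpath(BASE_DIR);
    $real = realpath(BASE_DIR . '/' . $target); // resolves ../ and symlinks
    if ($base === false || $real === false || !is_dir($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the managed root
    }
    return $real;
}

$dir = resolve_target($_GET['target'] ?? null);
if ($dir === null) {
    http_response_code(400);
    exit('Invalid target');
}
$ordner = opendir($dir);
// Load preferences from a fixed application path, not from the target directory.
include __DIR__ . '/preferences.php';

$script = resolve_action($_GET['action'] ?? null);
if ($script !== null) {
    include $script;
}
```

Keeping allow_url_include disabled in php.ini blocks the remote-URL form of the include, but the allowlist and path check are still needed for local paths.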
Source

Exploit-DB raw data:

#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product :PHP MyWebMin
+Develop:
+www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk:High
+Class:Remote
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################

Vulnerable File:window.php
$ordner = opendir("$target");
?>

and

include("$target/preferences.php");

if($action != "")
{
include("$action.php");
?>

Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php

# milw0rm.com [2006-09-28]